Lucene search
+L

88 matches found

NVD
NVD
added 2020/01/30 1:15 a.m.20 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

8.8CVSS9.2AI score0.02385EPSS
Exploits2References4
OSV
OSV
added 2020/01/30 1:15 a.m.17 views

CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...

9.8CVSS7.3AI score
Exploits0References4
OSV
OSV
added 2020/01/30 1:15 a.m.14 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

8.8CVSS7.1AI score
Exploits0References4
OSV
OSV
added 2020/01/30 1:15 a.m.22 views

CVE-2020-8444

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

9.8CVSS6.8AI score
Exploits0References4
OSV
OSV
added 2020/01/30 1:15 a.m.14 views

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.6AI score
Exploits0References4
OSV
OSV
added 2020/01/30 1:15 a.m.16 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

9.8CVSS7.3AI score
Exploits0References4
Prion
Prion
added 2020/01/30 1:15 a.m.19 views

Heap overflow

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

6.5CVSS9.1AI score0.02385EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2020/01/30 1:15 a.m.17 views

Heap overflow

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...

7.5CVSS9.6AI score0.02685EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2020/01/30 1:15 a.m.17 views

Design/Logic Flaw

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

10CVSS9.6AI score0.02277EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2020/01/30 1:15 a.m.18 views

Path traversal

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

2.1CVSS6.4AI score0.00504EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2020/01/30 1:15 a.m.14 views

Design/Logic Flaw

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of syscheck formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

7.5CVSS9.3AI score0.01939EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2020/01/30 1:15 a.m.16 views

Null pointer dereference

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

2.1CVSS6.2AI score0.00492EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2020/01/30 12:34 a.m.25 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

9.4AI score0.02385EPSS
Exploits2References4
CVE
CVE
added 2020/01/30 12:34 a.m.94 views

CVE-2020-8442

CVE-2020-8442 affects OSSEC-HIDS up to version 3.5.0. The vulnerability is a heap-based buffer overflow in the rootcheck decoder inside the server component responsible for log analysis (ossec-analysisd) when accessed by an authenticated client. Affected range: OSSEC-HIDS 2.7–3.5.0. Exploitation ...

8.8CVSS8.8AI score0.02385EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2020/01/30 12:34 a.m.88 views

CVE-2020-8443

CVE-2020-8443 affects OSSEC-HIDS 2.7–3.5.0: the server component ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow when cleaning crafted syslog messages passed from authenticated remote agents via ossec-remoted into the analysis queue. Public disclosures across multiple fe...

9.8CVSS9.5AI score0.02685EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2020/01/30 12:34 a.m.20 views

CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...

9.7AI score0.02685EPSS
Exploits2References4
CVE
CVE
added 2020/01/30 12:33 a.m.89 views

CVE-2020-8444

CVE-2020-8444 affects OSSEC-HIDS server component ossec-analysisd (versions 2.7–3.5.0) and is due to a use-after-free while processing ossec-alert messages from authenticated remote agents via ossec-remoted. Public data assigns a CVSS v3.1 base score of 9.8 (CRITICAL; NETWORK attack, no privilege...

9.8CVSS9.3AI score0.02489EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2020/01/30 12:33 a.m.23 views

CVE-2020-8444

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

9.5AI score0.02489EPSS
Exploits2References4
Cvelist
Cvelist
added 2020/01/30 12:33 a.m.20 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

9.8AI score0.02277EPSS
Exploits1References4
CVE
CVE
added 2020/01/30 12:33 a.m.94 views

CVE-2020-8445

CVE-2020-8445 affects OSSEC-HIDS 2.7–3.5.0. The OS_CleanMSG function in ossec-analysisd fails to strip/encode terminal control characters and newlines, allowing injected nested events or obfuscated log content. This may enable an unauthenticated remote attack for certain logged data types/origins...

10CVSS9.6AI score0.02277EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder