140 matches found
OSSEC: Multiple vulnerabilities
Background OSSEC is a full platform to monitor and control your systems. Description Multiple vulnerabilities have been discovered in OSSEC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...
GLSA-202007-33 : OSSEC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-33 OSSEC: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OSSEC. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
Product update: Virtuozzo 7.0 Update 13 Hotfix 1 (7.0.13-302)
The Hotfix 1 for Virtuozzo 7.0 Update 13 provides stability and usability bug fixes. Vulnerability id: PSBM-101223, PSBM-102156 Unable to live-migrate container with splunk, sensu, ossec-hids tools running inside. Vulnerability id: PSBM-102472 systemd 219-67.vl7.4 not working after the update...
OSSEC-HIDS Code Issue Vulnerability
OSSEC-HIDS is an open source intrusion detection tool. OSSEC-HIDS is vulnerable to a code issue. The vulnerability stems from an improperly designed or implemented code development process for a network system or product. An attacker could exploit this vulnerability to cause a denial of service...
CVE-2020-8448
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...
CVE-2020-8447
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of syscheck formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...
CVE-2020-8447
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of syscheck formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...
CVE-2020-8448
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...
CVE-2020-8444
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...
CVE-2020-8442
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...
CVE-2020-8446
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...
CVE-2020-8443
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...
CVE-2020-8446
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...
CVE-2020-8445
In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...
CVE-2020-8443
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...
CVE-2020-8442
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...
CVE-2020-8444
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...
CVE-2020-8445
In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...
Double free
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...
Null pointer dereference
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...