Lucene search
+L

140 matches found

gentoo
gentoo
added 2020/07/27 12:0 a.m.64 views

OSSEC: Multiple vulnerabilities

Background OSSEC is a full platform to monitor and control your systems. Description Multiple vulnerabilities have been discovered in OSSEC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no know...

10CVSS2.5AI score0.02685EPSS
Exploits7
nessus
nessus
added 2020/07/27 12:0 a.m.31 views

GLSA-202007-33 : OSSEC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-33 OSSEC: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OSSEC. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...

10CVSS7.2AI score0.02685EPSS
Exploits7References8
virtuozzo
virtuozzo
added 2020/04/06 12:0 a.m.70 views

Product update: Virtuozzo 7.0 Update 13 Hotfix 1 (7.0.13-302)

The Hotfix 1 for Virtuozzo 7.0 Update 13 provides stability and usability bug fixes. Vulnerability id: PSBM-101223, PSBM-102156 Unable to live-migrate container with splunk, sensu, ossec-hids tools running inside. Vulnerability id: PSBM-102472 systemd 219-67.vl7.4 not working after the update...

7AI score
Exploits0
cnvd
cnvd
added 2020/02/05 12:0 a.m.2 views

OSSEC-HIDS Code Issue Vulnerability

OSSEC-HIDS is an open source intrusion detection tool. OSSEC-HIDS is vulnerable to a code issue. The vulnerability stems from an improperly designed or implemented code development process for a network system or product. An attacker could exploit this vulnerability to cause a denial of service...

5.5CVSS7AI score0.00492EPSS
Exploits2References1
nvd
nvd
added 2020/01/30 1:15 a.m.22 views

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.2AI score0.00492EPSS
Exploits2References4
nvd
nvd
added 2020/01/30 1:15 a.m.27 views

CVE-2020-8447

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of syscheck formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

9.8CVSS9.5AI score0.01939EPSS
Exploits2References4
osv
osv
added 2020/01/30 1:15 a.m.19 views

CVE-2020-8447

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of syscheck formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

9.8CVSS6.8AI score
Exploits0References4
osv
osv
added 2020/01/30 1:15 a.m.14 views

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.6AI score
Exploits0References4
nvd
nvd
added 2020/01/30 1:15 a.m.25 views

CVE-2020-8444

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

9.8CVSS9.5AI score0.02489EPSS
Exploits2References4
nvd
nvd
added 2020/01/30 1:15 a.m.20 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

8.8CVSS9.2AI score0.02385EPSS
Exploits2References4
nvd
nvd
added 2020/01/30 1:15 a.m.19 views

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.4AI score0.00504EPSS
Exploits2References4
nvd
nvd
added 2020/01/30 1:15 a.m.21 views

CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...

9.8CVSS9.7AI score0.02685EPSS
Exploits2References4
osv
osv
added 2020/01/30 1:15 a.m.13 views

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.6AI score
Exploits0References4
nvd
nvd
added 2020/01/30 1:15 a.m.12 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

10CVSS9.8AI score0.02277EPSS
Exploits1References4
osv
osv
added 2020/01/30 1:15 a.m.17 views

CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...

9.8CVSS7.3AI score
Exploits0References4
osv
osv
added 2020/01/30 1:15 a.m.14 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

8.8CVSS7.1AI score
Exploits0References4
osv
osv
added 2020/01/30 1:15 a.m.21 views

CVE-2020-8444

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

9.8CVSS6.8AI score
Exploits0References4
osv
osv
added 2020/01/30 1:15 a.m.16 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

9.8CVSS7.3AI score
Exploits0References4
prion
prion
added 2020/01/30 1:15 a.m.16 views

Double free

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...

7.5CVSS9.3AI score0.02489EPSS
Exploits2References4Affected Software1
prion
prion
added 2020/01/30 1:15 a.m.15 views

Null pointer dereference

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

2.1CVSS6.2AI score0.00492EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder