Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-8443: OSSEC - World's Most Widely Used Host Intrusion Detection System - HIDS

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).

CVE
#mac#windows#linux#rce#vmware#buffer_overflow#auth

Server Intrusion Detection for Every Platform

Open Source HIDS

OSSEC is fully open source and free. You can tailor OSSEC for your security needs through its extensive configuration options, adding custom alert rules and writing scripts to take action when alerts occur.

Multiplatform HIDS

OSSEC offers comprehensive host-based intrusion detection across multiple platforms including Linux, Solaris, AIX, HP-UX, BSD, Windows, Mac and VMware ESX.

PCI Compliance

OSSEC helps organizations meet specific compliance requirements such as PCI DSS. It detects and alerts on unauthorized file system modification and malicious behavior that could make you non-compliant.

COMMUNITY

Contribute To The Project

Join The OSSEC Mailing List

Join The Slack Channel

OSSEC Conference 2021

PLATINUM SPONSORS

Atomicorp - Atomicorp Enterprise OSSEC

Atomicorp extends the power of OSSEC through extended security features that enable both detection and protection; with an easy-to-use, powerful OSSEC GUI; and full product support. Visit Atomicorp to learn more about Atomicorp Enterprise OSSEC.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907