Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rsyslog
(Rsyslog)| Repositories | https://github.com/rsyslog/rsyslog |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-14 | CVE-2011-1490 | A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset | Debian_linux, Opensuse, Rsyslog | N/A | ||
| 2019-11-14 | CVE-2011-1489 | A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | Debian_linux, Opensuse, Rsyslog | N/A | ||
| 2019-11-14 | CVE-2011-1488 | A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | Debian_linux, Opensuse, Rsyslog | N/A | ||
| 2017-08-06 | CVE-2017-12588 | The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | Rsyslog | 9.8 | ||
| 2017-07-25 | CVE-2015-3243 | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | Rsyslog | 5.5 | ||
| 2014-11-01 | CVE-2014-3683 | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. | Rsyslog, Sysklogd | N/A | ||
| 2014-11-01 | CVE-2014-3634 | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | Rsyslog, Sysklogd | N/A | ||
| 2013-10-04 | CVE-2013-4758 | Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. | Rsyslog | N/A | ||
| 2008-12-17 | CVE-2008-5618 | imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | Rsyslog | N/A | ||
| 2008-12-17 | CVE-2008-5617 | The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | Rsyslog | N/A |