Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rsyslog
(Rsyslog)Repositories | https://github.com/rsyslog/rsyslog |
#Vulnerabilities | 17 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-11-01 | CVE-2014-3634 | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | Rsyslog, Sysklogd | N/A | ||
2013-10-04 | CVE-2013-4758 | Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. | Rsyslog | N/A | ||
2008-12-17 | CVE-2008-5618 | imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | Rsyslog | N/A | ||
2008-12-17 | CVE-2008-5617 | The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | Rsyslog | N/A |