MiracleLinux 8 : rsyslog-8.2102.0-7.el8.1 (AXSA:2022-3666:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3666:04 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

MiracleLinux 9 : rsyslog-8.2102.0-101.el9.1 (AXSA:2022-3974:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3974:05 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

Alibaba Cloud Linux 3 : 0137: rsyslog (ALINUX3-SA-2022:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-24903: Rsyslog is a rocket-fast system for...

Advisory ROSA-SA-2024-2381

Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 packageevrstring: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...

CentOS 9 : rsyslog-8.2102.0-111.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the rsyslog-8.2102.0-111.el9 build changelog. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted...

NewStart CGSL MAIN 6.02 : rsyslog Vulnerability (NS-SA-2023-0075)

The remote NewStart CGSL host, running version MAIN 6.02, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can...

Rocky Linux 9 : rsyslog (RLSA-2022:4795)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4795 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used...

EulerOS Virtualization 3.0.2.0 : rsyslog (EulerOS-SA-2023-1692)

According to the versions of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when...

NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2023-0028)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is use...

CBL Mariner 2.0 Security Update: rsyslog (CVE-2022-24903)

The version of rsyslog installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24903 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap...

Amazon Linux 2023 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2023-2023-001)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-001 advisory. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use...

Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2023-1291)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : rsyslog (EulerOS-SA-2023-1291)

According to the versions of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a...

Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities

Summary Multiple Security Vulnerabilities were found in the IBM Security Verify Access ISVA Appliance Operating System layer. These vulnerabilities have been addressed in ISVA 10.0.5.0, which is linked below. Vulnerability Details CVEID:CVE-2022-2526 DESCRIPTION: systemd could allow a remote...

NewStart CGSL CORE 5.04 / MAIN 5.04 : rsyslog Vulnerability (NS-SA-2022-0103)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is use...

Amazon Linux 2022 : rsyslog (ALAS2022-2022-211)

The version of rsyslog installed on the remote host is prior to 8.2204.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-211 advisory. - rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of...

AlmaLinux 9 : rsyslog (ALSA-2022:4795)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4795 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. T...

CVE-2022-24903: A flaw in rsyslog TCP module could allows an attacker to craft a malicious message leading to a heap-based buffer overflow.

Rsyslog is vulnerable to remote code execution RCE due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-2633)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.6.0 : rsyslog (EulerOS-SA-2022-2587)

According to the versions of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when...