36 matches found
MiracleLinux 8 : rsyslog-8.2102.0-7.el8.1 (AXSA:2022-3666:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3666:04 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...
MiracleLinux 7 : rsyslog-8.24.0-57.el7.3 (AXSA:2022-3197:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3197:02 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...
EUVD-2019-7515
Malware in sbrugna...
EUVD-2008-5592
Malware in sbrugna...
EUVD-2011-1493
Malware in sbrugna...
EUVD-2017-4159
Malware in sbrugna...
EUVD-2011-4546
Malware in sbrugna...
EUVD-2019-7514
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-17042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to...
Alibaba Cloud Linux 3 : 0137: rsyslog (ALINUX3-SA-2022:0137)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-24903: Rsyslog is a rocket-fast system for...
Fedora 37 : rsyslog (2022-f2c4c83cc1)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-f2c4c83cc1 advisory. Automatic update for rsyslog-8.2204.0-1.fc37. Changelog Mon May 9 2022 Attila Lakatos - 8.2204.0-1 - rebase to 8.2204.0 resolves: rhbz1951970 - CVE-2022-2490...
SUSE CVE-2014-3634
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service crash, possibly execute arbitrary code, or have other unspecified impact via a crafted priority PRI value that triggers an out-of-bounds array access...
Vulnerability fixed in rsyslog
The developers of rsyslog have fixed a vulnerability in rsyslog. A malicious party could exploit the vulnerability to cause a denial-of-service, or to potentially manipulate data and thus potentially inject false information into the central syslog environment. The developers do not ru...
rsyslog: Heap-based overflow in TCP syslog server
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...
USN-5404-2 rsyslog vulnerability
USN-5404-1 addressed a vulnerability in Rsyslog. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash...
UBUNTU-CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...
CVE-2011-1489
A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message...
CVE-2011-1490
A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message...
DEBIAN-CVE-2019-17040
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the rsyslog-snmp-7.4.7 package on the CentOS operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of this vulnerability can be carried out remotely...