RHBA-2019:2501 Red Hat Bug Fix Advisory: rsyslog bug fix update
Bulletin has no description...
rsyslog Long Tag Off-By-Two Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rsyslog Long Tag Off-By-Two DoS', 'Description' = %q This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to...
rsyslog: Heap Buffer Overflow
Background rsyslog is an enhanced multi-threaded syslogd with database support and more. Description Multiple vulnerabilities have been discovered in rsyslog. Please review the CVE identifiers referenced below for details. Impact Modules for TCP syslog reception have a heap buffer overflow when...
GLSA-202408-28 : rsyslog: Heap Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-202408-28 rsyslog: Heap Buffer Overflow Multiple vulnerabilities have been discovered in rsyslog. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from...
Photon OS 3.0: Rsyslog PHSA-2019-3.0-0036
An update of the rsyslog package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0036. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl CVE-2024-0853...
OPENSUSE-SU-2024:12059-1 rsyslog-8.2204.1-1.1 on GA media
These are all security issues fixed in the rsyslog-8.2204.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10498-1 rsyslog-8.23.0-2.1 on GA media
These are all security issues fixed in the rsyslog-8.23.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11309-1 rsyslog-8.2106.0-1.2 on GA media
These are all security issues fixed in the rsyslog-8.2106.0-1.2 package on the GA media of openSUSE Tumbleweed...
RHEL 5 : rsyslog (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rsyslog: remote syslog PRI vulnerability CVE-2014-3634 Note that Nessus has not tested for this issue but has inste...
RHEL 6 : rsyslog (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c CVE-2019-17042 - An issue was...
ROS-20240403-16
A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [CVE-2022-24903]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog, caused by improper bounds checking by the TCP syslog server receiver components CVE-2022-24903. Rsyslog is used as a component of our Speech runtimes. This...
Advisory ROSA-SA-2024-2381
Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 packageevrstring: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...
CentOS 9 : rsyslog-8.2102.0-111.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the rsyslog-8.2102.0-111.el9 build changelog. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted...
NewStart CGSL MAIN 6.02 : rsyslog Vulnerability (NS-SA-2023-0075)
The remote NewStart CGSL host, running version MAIN 6.02, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can...
The vulnerability of the imptcp module in the Rsyslog log-processing software utility, which allows an intruder to trigger a service failure
The vulnerability of the imptcp module in the Rsyslog log-processing software is related to integer overflow. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...
The vulnerabilities of the input/output modules in the Rsyslog software utility for log processing allow a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the input/output modules of the Rsyslog log processing software is related to insufficient handling of the format string. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
Rocky Linux 9 : rsyslog (RLSA-2022:4795)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4795 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used...
Ubuntu 16.04 ESM / 18.04 ESM : librelp vulnerability (USN-4828-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4828-1 advisory. It was discovered that librelp did not properly manage x509 certificates, leading to a stack-based buffer overflow. A remote attacker could possibly u...