855 matches found
Oracle Linux 7 : rsyslog (ELSA-2019-2110)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2110 advisory. 8.24.0-38.0.2 - Newer gcc complains about implicit declaration of prctl. Added header file to quiesce the compiler 8.24.0-38 RHEL 7.7 ERRATUM - added patch...
Oracle Linux 8 : rsyslog (ELSA-2020-1702)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1702 advisory. 8.1911.0-3 RHEL 8.2.0 ERRATUM - added patch reverting rejecting expired certs by default resolves: rhbz1782353 - added patch silencing false errors on...
Oracle Linux 7 : rsyslog (ELSA-2020-1000)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1000 advisory. 8.24.0-52 RHEL 7.8 ERRATUM - edited patch file ID for imfile to not log useless errors also improved file-id behavior to address newly found problems...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7)
The version of AOS installed on the remote host is prior to 6.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.6)
The version of AOS installed on the remote host is prior to 6.6.2.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2.6 advisory. - Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in...
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2023-1692)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.0 : rsyslog (EulerOS-SA-2023-1692)
According to the versions of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when...
NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2023-0028)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is use...
CBL Mariner 2.0 Security Update: rsyslog (CVE-2022-24903)
The version of rsyslog installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24903 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap...
Important: rsyslog
Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...
Amazon Linux 2023 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2023-2023-001)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-001 advisory. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use...
Debian: Security Advisory (DLA-72-1)
The remote host is missing an update for the Debian...
scap-security-guide bug fix and enhancement update
An update is available for scap-security-guide. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The scap-security-guide project provides a guide for configuratio...
scap-security-guide bug fix and enhancement update
An update is available for scap-security-guide. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The scap-security-guide project provides a guide for configuratio...
K84884003: rsyslog vulnerability CVE-2019-17040
Security Advisory Description contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. CVE-2019-17040 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K25092613: rsyslog vulnerability CVE-2018-1000140
Security Advisory Description rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigg...
K42903299: rsyslog: remote syslog PRI vulnerability CVE-2014-3634
Security Advisory Description rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array...
K12213311: Rsyslog v8.1908.0.0 vulnerability CVE-2019-17041
Security Advisory Description An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings...
K39081000: Rsyslog vulnerability CVE-2019-17042
Security Advisory Description An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do n...
SUSE CVE-2008-5617
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages...