CVE-2024-0541

A vulnerability was found in Tenda W9 1.0.0.74456. It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The...

NewStart CGSL MAIN 6.02 : rsyslog Vulnerability (NS-SA-2023-0075)

The remote NewStart CGSL host, running version MAIN 6.02, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

Code injection

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from Stormshield France. A security vulnerability exists in Stormshield Network Security SNS versions prior to 4.3.17, prior to 4.6.4, and prior to 4.7.1, which originates when the serverd process logs...

CVE-2023-28616

Stormshield Network Security (SNS) is affected by CVE-2023-28616 in versions before 4.3.17, 4.4.x–4.6.x before 4.6.4, and 4.7.x before 4.7.1. The issue concerns user passwords containing an equals sign or space character; the serverd process logs such passwords in cleartext and may forward these ...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

The vulnerability of the RFC3164 analyzer in the Syslog-ng logging processing tool allows a attacker to trigger a service failure.

The vulnerability of the RFC3164 analyzer used by the Syslog-ng logging tool is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

PT-2023-21849 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 4.3.x through 4.3.16 Stormshield Network Security SNS versions 4.4.x through 4.6.x before 4.6.4 Stormshield Network Security SNS versions 4.7.x before 4.7.1 Description: The issue affects user account...

CVE-2022-38725 affecting package syslog-ng for versions less than 3.33.2-7

CVE-2022-38725 affecting package syslog-ng for versions less than 3.33.2-7. A patched version of the package is available...

How to Configure Advanced Syslog Integration Options

Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask BOM before th...

Important Photon OS Security Update - PHSA-2023-3.0-0693

Updates of 'runc', 'syslog-ng' packages of Photon OS have been released...

DrayTek Vigor2960 Path Traversal Vulnerability

DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China's DrayTek. A path traversal vulnerability exists in the Draytek Vigor2960 v1.5.1.4 , v1.5.1.5 versions, which stems from a vulnerable directory traversal attack on the option parameter in the mainfunction.cgi dumpSyslog,...

CVE-2023-46547

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog...

Juniper Junos OS Vulnerability (JSA73145)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...

Important Photon OS Security Update - PHSA-2023-4.0-0494

Updates of 'binutils', 'syslog-ng' packages of Photon OS have been released...

The vulnerability of the FortiAnalyzer network firewall’s syslog server allows a hacker to send arbitrary messages to the server.

The vulnerability of the FortiAnalyzer network switch’s syslog server is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to send arbitrary messages to the server remotely...

Design/Logic Flaw

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...