1636 matches found

Vulnrichment
added 2024/04/25 2:32 a.m. · 12 views

CVE-2024-4161 Syslog traffic sent in clear-text

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic was received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information...

8.6 CVSS · 6.9 AI score · 0.00156 EPSS
Exploits 0 · References 1

CVE
added 2024/04/25 2:32 a.m. · 61 views

CVE-2024-4161

CVE-2024-4161 affects Brocade SANnav prior to version 2.3.0, where syslog traffic is transmitted in clear text. This enables an unauthenticated, remote attacker to capture sensitive information via the syslog channel. The issue is documented across multiple sources (NVD/NVD, Red Hat, Broadcom adv...

8.6 CVSS · 6.8 AI score · 0.00156 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/04/25 12:0 a.m. · 2 views

Broadcom Brocade SANnav security vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions prior to v2.3.0 that stems from syslog traffic being received in plaintext, which could allow an unauthenticated remote attacker to capture sensitive information...

8.6 CVSS · 9.2 AI score · 0.00156 EPSS
Exploits 0 · References 2

Broadcom
added 2024/04/25 12:0 a.m. · 26 views

Syslog traffic sent in clear-text (CVE-2024-4161)

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic was received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information...

8.6 CVSS · 6.8 AI score · 0.00156 EPSS
Exploits 0

Positive Technologies
added 2024/04/25 12:0 a.m. · 2 views

PT-2024-5142 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0
Description: The issue is related to the transmission of syslog traffic in clear text, which could allow an unauthenticated, remote attacker to capture sensitive information. This could potentially lead ...

8.6 CVSS · 7.2 AI score · 0.00156 EPSS
Exploits 0 · References 4

Redos
added 2024/04/08 12:0 a.m. · 20 views

ROS-20240408-05

The RFC3164 analyzer vulnerability of the Syslog-ng log processing utility is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5 CVSS · 7 AI score · 0.04916 EPSS
Exploits 0

CNNVD
added 2024/03/20 12:0 a.m. · 0 views

Elspec G5 digital fault recorder security vulnerability

The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and prior versions, which can be exploited for...

7.5 CVSS · 6.8 AI score · 0.00492 EPSS
Exploits 0 · References 2

OpenVAS
added 2024/03/04 12:0 a.m. · 15 views

openSUSE: Security Advisory for syslog (openSUSE-SU-2023:0040-1)

The remote host is missing an update for the...

7.5 CVSS · 7.7 AI score · 0.04916 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/02/29 12:0 a.m. · 23 views

CentOS 9 : rsyslog-8.2102.0-111.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the rsyslog-8.2102.0-111.el9 build changelog. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted...

8.1 CVSS · 7.5 AI score · 0.00509 EPSS
Exploits 0 · References 2

OSV
added 2024/02/13 7:15 p.m. · 1 views

CVE-2024-1354

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. Exploitation of this vulnerability required access to the GitHub...

8 CVSS · 5.8 AI score · 0.00358 EPSS
Exploits 0 · References 4

Prion
added 2024/02/13 7:15 p.m. · 21 views

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. Exploitation of this vulnerability required access to the GitHub...

4.3 CVSS · 7.7 AI score · 0.00358 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2024/02/13 6:50 p.m. · 15 views

CVE-2024-1354 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. Exploitation of this vulnerability required access to the GitHub...

8 CVSS · 8.4 AI score · 0.00358 EPSS
Exploits 0 · References 4

CVE
added 2024/02/13 6:50 p.m. · 93 views

CVE-2024-1354

CVE-2024-1354 describes a command-injection vulnerability in GitHub Enterprise Server where an attacker with editor privileges in the Management Console could escalate to admin SSH access via the syslog-ng configuration. The issue requires access to the GitHub Enterprise Server instance and Manag...

8 CVSS · 8.1 AI score · 0.00358 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 1 views

PT-2024-17967 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12
Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the...

8 CVSS · 10 AI score · 0.00358 EPSS
Exploits 0 · References 8

Mageia
added 2024/02/04 2:49 a.m. · 59 views

Updated glibc packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argumen...

8.4 CVSS · 7.4 AI score · 0.26964 EPSS
Exploits 9 · References 3

Ubuntu
added 2024/02/01 12:41 p.m. · 40 views

USN-6620-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges...

8.4 CVSS · 7.1 AI score · 0.26964 EPSS
Exploits 9

Tenable Nessus
added 2024/02/01 12:0 a.m. · 32 views

Ubuntu 23.10 : GNU C Library vulnerabilities (USN-6620-1)

The remote Ubuntu 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6620-1 advisory. It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and...

8.4 CVSS · 7.7 AI score · 0.26964 EPSS
Exploits 9 · References 4

NVD
added 2024/01/31 2:15 p.m. · 14 views

CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4 CVSS · 8.4 AI score · 0.26964 EPSS
Exploits 7 · References 13

OSV
added 2024/01/31 2:15 p.m. · 2 views

AZL-34735 CVE-2023-6246 affecting package glibc for versions less than 2.38-6

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

7.8 CVSS · 6.9 AI score · 0.26964 EPSS
Exploits 7 · References 1

OSV
added 2024/01/31 2:15 p.m. · 1 views

DEBIAN-CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of t...

7.5 CVSS · 8.1 AI score · 0.00654 EPSS
Exploits 7 · References 1