Debian: Security Advisory (DSA-5369-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-72-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-584-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5369-1 : syslog-ng - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5369 advisory. - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that i...

[SECURITY] [DSA 5369-1] syslog-ng security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5369-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 05, 2023 https://www.debian.org/security/faq -...

CVE-2022-38725 affecting package syslog-ng 3.23.1-3

CVE-2022-38725 affecting package syslog-ng 3.23.1-3. A patched version of the package is available...

Debian: Security Advisory (DLA-3348-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-3348-1 syslog-ng - security update

Bulletin has no description...

Debian dla-3348 : syslog-ng - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3348 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3348-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] [DLA 3348-1] syslog-ng security update

Debian LTS Advisory DLA-3348-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 01, 2023 https://wiki.debian.org/LTS Package : syslog-ng Version : 3.19.1-5+deb10u1 CVE ID : CVE-2022-38725 It was discovered that syslog-ng, a system logging daemon, had integer...

K42903299: rsyslog: remote syslog PRI vulnerability CVE-2014-3634

Security Advisory Description rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service crash, possibly execute arbitrary code, or have other unspecified impact via a crafted priority PRI value that triggers an out-of-bounds array...

SUSE CVE-2004-0623

Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...

SUSE CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server Postgrey 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service crash via format string specifiers that are not properly handl...

SUSE CVE-2005-3912

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service crash or memory consumption and possibly execute arbitrary code via format string specifiers in the usernam...

SUSE CVE-2006-0743

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service memory corruption and termination via unknown vectors...

SUSE CVE-2007-6437

Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service crash via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference...

SUSE CVE-2008-3140

The syslog dissector in Wireshark formerly Ethereal 1.0.0 allows remote attackers to cause a denial of service application crash via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."...

SUSE CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...

SUSE CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

SUSE CVE-2011-0343

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions 07777, which allows local users to read and write to these log files...