14 matches found
EUVD-2008-5089
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-38725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog inp...
CBL Mariner 2.0 Security Update: syslog-ng (CVE-2024-47619)
The version of syslog-ng installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47619 advisory. - syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such...
CVE-2024-47619 affecting package syslog-ng for versions less than 4.3.1-3
CVE-2024-47619 affecting package syslog-ng for versions less than 4.3.1-3. A patched version of the package is available...
AZL-61731 CVE-2024-47619 affecting package syslog-ng for versions less than 3.33.2-8
syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c.bar which glib matches but should be avoided / invalidated. This issue could have an...
CVE-2024-47619 transport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c.bar which glib matches but should be avoided / invalidated. This issue could have an...
CVE-2024-47619 transport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c.bar which glib matches but should be avoided / invalidated. This issue could have an...
AZL-35289 CVE-2022-38725 affecting package syslog-ng for versions less than 4.3.1-2
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...
syslog-ng UNIX Symbolic Link (Symlink) Vulnerability in Multiple SUSE Products
openSUSE and SUSE Linux Enterprise Server are both products of the German company SUSE. openSUSE is a set of Linux-based free operating systems and open source community projects. SUSE Linux Enterprise Server is an enterprise server version of the Linux operating system. A security...
CVE-2008-5110
syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...
Debian DSA-175-1 : syslog-ng - buffer overflow
Balazs Scheidler discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded a static length buffer is used accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An...
[SECURITY] [DSA 175-1] New syslog-ng packages fix buffer overflow
Debian Security Advisory DSA 175-1 [email protected] http://www.debian.org/security/ Martin Schulze October 15th, 2002 http://www.debian.org/security/faq -...
FreeBSD-SA-01:02.syslog-ng
FreeBSD-SA-01:02 Security Advisory FreeBSD, Inc. Topic: syslog-ng remote denial-of-service Category: ports Module: syslog-ng Announced: 2001-01-15 Credits: Balazs Scheidler Affects:...
DoS possibility in syslog-ng
BalaBit security advisory Advisory ID: BB-2000/01 Package: syslog-ng Versions affected: versions prior to and including 1.4.8 Problem type: remote DoS attack Date: 2000-11-22 1 Background syslog-ng is a portable syslog implementation. Its highlights include regexp based log selection, TCP transpo...