CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

Code injection

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

CVE-2023-28616

Stormshield Network Security (SNS) is affected by CVE-2023-28616 in versions before 4.3.17, 4.4.x–4.6.x before 4.6.4, and 4.7.x before 4.7.1. The issue concerns user passwords containing an equals sign or space character; the serverd process logs such passwords in cleartext and may forward these ...

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from Stormshield France. A security vulnerability exists in Stormshield Network Security SNS versions prior to 4.3.17, prior to 4.6.4, and prior to 4.7.1, which originates when the serverd process logs...

The vulnerability of the RFC3164 analyzer in the Syslog-ng logging processing tool allows a attacker to trigger a service failure.

The vulnerability of the RFC3164 analyzer used by the Syslog-ng logging tool is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

PT-2023-21849 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 4.3.x through 4.3.16 Stormshield Network Security SNS versions 4.4.x through 4.6.x before 4.6.4 Stormshield Network Security SNS versions 4.7.x before 4.7.1 Description: The issue affects user account...

CVE-2022-38725 affecting package syslog-ng for versions less than 3.33.2-7

CVE-2022-38725 affecting package syslog-ng for versions less than 3.33.2-7. A patched version of the package is available...

How to Configure Advanced Syslog Integration Options

Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask BOM before th...

Important Photon OS Security Update - PHSA-2023-3.0-0693

Updates of 'syslog-ng', 'runc' packages of Photon OS have been released...

DrayTek Vigor2960 Path Traversal Vulnerability

DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China's DrayTek. A path traversal vulnerability exists in the Draytek Vigor2960 v1.5.1.4 , v1.5.1.5 versions, which stems from a vulnerable directory traversal attack on the option parameter in the mainfunction.cgi dumpSyslog,...

CVE-2023-46547

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog...

Juniper Junos OS Vulnerability (JSA73145)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...

Important Photon OS Security Update - PHSA-2023-4.0-0494

Updates of 'binutils', 'syslog-ng' packages of Photon OS have been released...

The vulnerability of the FortiAnalyzer network firewall’s syslog server allows a hacker to send arbitrary messages to the server.

The vulnerability of the FortiAnalyzer network switch’s syslog server is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to send arbitrary messages to the server remotely...

Design/Logic Flaw

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

Fortinet FortiAnalyzer Data Forgery Issue Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Design/Logic Flaw

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 wit...