CVE-2020-8019 syslog-ng: Local privilege escalation from new to root in %post

A UNIX Symbolic Link Symlink Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

CVE-2020-8019

CVE-2020-8019 is a local privilege escalation vulnerability in the packaging of syslog-ng across multiple SUSE products (Debuginfo 11-SP3/11-SP4, Legacy Software 12, POS 11-SP3, Server 11-SP4-LTSS, Server for SAP 12-SP1, openSUSE backports/leap 15.1). The root cause is a UNIX Symbolic Link (Symli...

CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

Code injection

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

UBUNTU-CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

CVE-2020-13881

CVE-2020-13881 affects pam_tacplus where the TACACS+ shared secret is logged via journald/syslog when DEBUG is enabled. The initial description notes logging of the shared secret for versions 1.3.8–1.5.1. Connected advisories confirm affected packages and provide remediation: Debian/Ubuntu adviso...

CVE-2020-13881

Removed by vendor...

Cisco Identity Services Engine Denial of Service Vulnerability (CNVD-2020-36263)

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A denial of service...

CVE-2020-3353

A vulnerability in the syslog processing engine of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

CVE-2020-3353

A vulnerability in the syslog processing engine of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

Race condition

A vulnerability in the syslog processing engine of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

CVE-2020-3353 Cisco Identity Services Engine Denial of Service Vulnerability

A vulnerability in the syslog processing engine of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

CVE-2020-3353

Cisco Identity Services Engine (ISE) is vulnerable to a DoS via a race condition in the syslog processing engine. An unauthenticated, remote attacker can trigger a flood of syslog messages, causing the Application Server process to crash and the device to enter a DoS state. Affected ISE versions ...

CVE-2020-3353 Cisco Identity Services Engine Denial of Service Vulnerability

A vulnerability in the syslog processing engine of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

Cisco Identity Services Engine Denial of Service Vulnerability

A vulnerability in the syslog processing engine of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. A...

Fedora 31 : clamav (2020-b0acd7b66e)

ClamAV 0.102.3 is a bug patch release to address the following issues. - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service DoS condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read whi...

SUSE SLES12 Security Update : syslog-ng (SUSE-SU-2020:1221-1)

This update for syslog-ng fixes the following issues : CVE-2020-8019: Fixed a local privilege escalation during package update bsc1169385. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...