SUSE-SU-2020:14369-1 Security update for syslog-ng

This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update bsc1169385...

syslog-ng UNIX Symbolic Link (Symlink) Vulnerability in Multiple SUSE Products

openSUSE and SUSE Linux Enterprise Server are both products of the German company SUSE. openSUSE is a set of Linux-based free operating systems and open source community projects. openSUSE Linux Enterprise Server is a set of enterprise server version of the Linux operating system. A security...

SUSE-SU-2020:1221-1 Security update for syslog-ng

This update for syslog-ng fixes the following issues: - CVE-2020-8019: Fixed a local privilege escalation during package update bsc1169385...

Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update

An update for rsyslog is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

Code injection

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

CVE-2020-12134

CVE-2020-12134 affects Nanometrics Centaur (<= 4.3.23) and TitanSMA (

Advantech WebAccess/NMS getSyslogUiList SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processi...

systemd: out-of-bounds read when parsing a crafted syslog message

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data...

Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update

An update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Multiple Yamaha network devices vulnerable to denial-of-service (DoS)

Overview Multiple network devices provided by Yamaha Corporation contain a denial-of-service DoS vulnerability. NIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the...

systemd: out-of-bounds read when parsing a crafted syslog message

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data...

Nanometrics Centaur 4.3.23 Memory Leak

Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...

CVE-2014-2225

Multiple cross-site request forgery CSRF vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create a new admin user via a request to api/add/admin; 2 have unspecified impact via a request to...

CVE-2010-4658

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks...

Design/Logic Flaw

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks...

CVE-2010-4658

CVE-2010-4658 affects StatusNet (through 2010) and relates to a vulnerability where an attacker can spoof syslog messages via newline injection. The available records describe the underlying issue as a newline-injection weakness that enables log spoofing, but there are no detailed exploit vectors...

CVE-2010-4658

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks...