VYPR

rpm package

opensuse/rsyslog&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rsyslog&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2022-24903 (May 5, 2022)
    affected < 8.2204.1-1.1, fixed 8.2204.1-1.1

    Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for

  • CVE-2015-3243 (Med, Jul 25, 2017)
    affected < 8.2106.0-1.2, fixed 8.2106.0-1.2

    rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

  • CVE-2014-3683 (Nov 2, 2014)
    affected < 8.23.0-2.1, fixed 8.23.0-2.1

    Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

  • CVE-2014-3634 (Nov 2, 2014)
    affected < 8.23.0-2.1, fixed 8.23.0-2.1

    rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.

  • CVE-2013-6371 (Apr 22, 2014)
    affected < 8.23.0-2.1, fixed 8.23.0-2.1

    The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

  • CVE-2013-6370 (Apr 22, 2014)
    affected < 8.23.0-2.1, fixed 8.23.0-2.1

    Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2013-4758 (Oct 4, 2013)
    affected < 8.23.0-2.1, fixed 8.23.0-2.1

    Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitra

  • CVE-2011-3200 (Sep 6, 2011)
    affected < 8.23.0-2.1, fixed 8.23.0-2.1

    Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.