IDCVSSSummaryLast (major) updatePublished
CVE-2018-16881 5.0
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
25-01-2019 - 13:29 25-01-2019 - 13:29
CVE-2017-12588 7.5
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
06-08-2017 - 10:29 06-08-2017 - 10:29
CVE-2015-3243 2.1
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2014-3683 5.0
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix fo
17-10-2016 - 23:44 01-11-2014 - 20:55
CVE-2014-3634 7.5
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an
17-10-2016 - 23:44 01-11-2014 - 20:55
CVE-2013-4758 6.8
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash
07-10-2013 - 10:29 04-10-2013 - 13:55
CVE-2011-4623 2.1
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which tri
26-09-2012 - 00:00 25-09-2012 - 19:55
CVE-2011-3200 5.0
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a leg
22-09-2011 - 23:34 06-09-2011 - 12:55
CVE-2008-5617 8.5
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
14-05-2009 - 01:31 16-12-2008 - 21:30
CVE-2008-5618 5.0
imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of
17-12-2008 - 00:00 16-12-2008 - 21:30
CVE-2005-3074 7.5
SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages.
05-09-2008 - 16:53 27-09-2005 - 15:03
Back to Top Mark selected
Back to Top