Skip to main content

Rsyslog

9 CVEs product

Monthly

CVE-2022-24903 HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2019-17042 CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-17041 CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Rsyslog Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-17040 CRITICAL PATCH Act Now

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rsyslog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-12588 CRITICAL PATCH Act Now

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rsyslog
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-3243 MEDIUM This Month

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rsyslog
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-3683 MEDIUM POC PATCH This Month

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rsyslog Sysklogd
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2014-3634 HIGH POC PATCH THREAT Act Now

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.4%.

Denial Of Service RCE Buffer Overflow Sysklogd Rsyslog
NVD
CVSS 2.0
7.5
EPSS
29.4%
CVE-2013-4758 MEDIUM PATCH This Month

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Elastic RCE Rsyslog
NVD
CVSS 2.0
6.8
EPSS
1.2%
EPSS 4% CVSS 8.1
HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Rsyslog +3
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Rsyslog +3
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rsyslog
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rsyslog
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rsyslog
NVD
EPSS 3% CVSS 5.0
MEDIUM POC PATCH This Month

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rsyslog Sysklogd
NVD
EPSS 29% CVSS 7.5
HIGH POC PATCH THREAT Act Now

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.4%.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Elastic RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy