Vulnerabilities > Rsyslog

DATE CVE VULNERABILITY TITLE RISK
2022-05-06 CVE-2022-24903 Improper Validation of Specified Quantity in Input vulnerability in multiple products
Rsyslog is a rocket-fast system for log processing.
network
high complexity
rsyslog fedoraproject debian netapp CWE-1284
8.1
2019-11-14 CVE-2011-1490 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset.
local
low complexity
rsyslog debian opensuse CWE-772
5.5
2019-11-14 CVE-2011-1489 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset.
local
low complexity
rsyslog opensuse debian CWE-772
5.5
2019-11-14 CVE-2011-1488 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled.
local
low complexity
rsyslog opensuse debian CWE-772
5.5
2019-10-07 CVE-2019-17042 Improper Input Validation vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog fedoraproject debian opensuse CWE-20
critical
9.8
2019-10-07 CVE-2019-17041 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog debian fedoraproject opensuse CWE-787
critical
9.8
2019-09-30 CVE-2019-17040 Out-of-bounds Read vulnerability in Rsyslog 8.1908.0
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
network
low complexity
rsyslog CWE-125
critical
9.8
2019-01-25 CVE-2018-16881 Integer Overflow or Wraparound vulnerability in multiple products
A denial of service vulnerability was found in rsyslog in the imptcp module.
network
low complexity
rsyslog redhat debian CWE-190
7.5
2018-03-23 CVE-2018-1000140 Out-of-bounds Write vulnerability in multiple products
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution.
network
low complexity
rsyslog debian canonical redhat CWE-787
critical
9.8
2017-08-06 CVE-2017-12588 Use of Externally-Controlled Format String vulnerability in Rsyslog
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
network
low complexity
rsyslog CWE-134
critical
9.8