Vulnerabilities > Rsyslog

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2011-1490 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way the daemon logged processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset.
local
low complexity
rsyslog debian opensuse CWE-772
2.1
2019-11-14 CVE-2011-1489 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way the daemon logged processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset.
local
low complexity
rsyslog opensuse debian CWE-772
2.1
2019-11-14 CVE-2011-1488 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A memory leak in rsyslog before 5.7.6 was found in the way the daemon logged processed log messages when $RepeatedMsgReduction was enabled.
1.9
2019-10-07 CVE-2019-17042 Classic Buffer Overflow vulnerability in Rsyslog 8.1908.0
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog CWE-120
7.5
2019-10-07 CVE-2019-17041 Classic Buffer Overflow vulnerability in Rsyslog 8.1908.0
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog CWE-120
7.5
2019-09-30 CVE-2019-17040 Out-of-bounds Read vulnerability in Rsyslog 8.1908.0
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
network
low complexity
rsyslog CWE-125
7.5
2019-01-25 CVE-2018-16881 Integer Overflow or Wraparound vulnerability in multiple products
A denial of service vulnerability was found in rsyslog in the imptcp module.
network
low complexity
rsyslog redhat CWE-190
5.0
2018-03-23 CVE-2018-1000140 Out-of-bounds Write vulnerability in multiple products
rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution.
network
low complexity
rsyslog debian canonical redhat CWE-787
7.5
2017-08-06 CVE-2017-12588 Use of Externally-Controlled Format String vulnerability in Rsyslog
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
network
low complexity
rsyslog CWE-134
7.5
2017-07-25 CVE-2015-3243 Information Exposure Through Log Files vulnerability in Rsyslog
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
local
low complexity
rsyslog CWE-532
2.1