Vulnerabilities > Rsyslog

DATE | CVE | VULNERABILITY TITLE | RISK
2017-07-25 | CVE-2015-3243 | Information Exposure Through Log Files vulnerability in Rsyslog | 2.1
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
local | low complexity | rsyslog | CWE-532

2014-11-02 | CVE-2014-3683 | Numeric Errors vulnerability in multiple products | 5.0
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value.
network | low complexity | rsyslog, sysklogd-project | CWE-189

2014-11-02 | CVE-2014-3634 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | 7.5
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
network | low complexity | sysklogd-project, rsyslog | CWE-119

2013-10-04 | CVE-2013-4758 | Resource Management Errors vulnerability in Rsyslog | 6.8
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.
network | rsyslog | CWE-399

2008-12-17 | CVE-2008-5618 | Denial-Of-Service vulnerability in RSyslog | 5.0
imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
network | low complexity | rsyslog

2008-12-17 | CVE-2008-5617 | Permissions, Privileges, and Access Controls vulnerability in Rsyslog | 8.5
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
network | low complexity | rsyslog | CWE-264

2005-09-27 | CVE-2005-3074 | SQL-Injection vulnerability in Rsyslogd | 7.5
SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages.
network | low complexity | rsyslog