Vulnerabilities > Rsyslog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-25 | CVE-2015-3243 | Information Exposure Through Log Files vulnerability in Rsyslog rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | 2.1 |
| 2014-11-02 | CVE-2014-3683 | Numeric Errors vulnerability in multiple products Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. | 5.0 |
| 2014-11-02 | CVE-2014-3634 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | 7.5 |
| 2013-10-04 | CVE-2013-4758 | Resource Management Errors vulnerability in Rsyslog Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. | 6.8 |
| 2008-12-17 | CVE-2008-5618 | Denial-Of-Service vulnerability in RSyslog imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | 5.0 |
| 2008-12-17 | CVE-2008-5617 | Permissions, Privileges, and Access Controls vulnerability in Rsyslog The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | 8.5 |
| 2005-09-27 | CVE-2005-3074 | SQL-Injection vulnerability in Rsyslogd SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages. | 7.5 |