Vulnerabilities > Rsyslog > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2022-24903 | Improper Validation of Specified Quantity in Input vulnerability in multiple products Rsyslog is a rocket-fast system for log processing. | 8.1 |
| 2019-01-25 | CVE-2018-16881 | Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. | 7.5 |
| 2017-08-06 | CVE-2017-12588 | Use of Externally-Controlled Format String vulnerability in Rsyslog The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | 7.5 |
| 2014-11-02 | CVE-2014-3634 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | 7.5 |
| 2008-12-17 | CVE-2008-5617 | Permissions, Privileges, and Access Controls vulnerability in Rsyslog The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | 8.5 |
| 2005-09-27 | CVE-2005-3074 | SQL-Injection vulnerability in Rsyslogd SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages. | 7.5 |