Vulnerabilities > Rsyslog > Rsyslog > 3.17.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-06 | CVE-2022-24903 | Improper Validation of Specified Quantity in Input vulnerability in multiple products Rsyslog is a rocket-fast system for log processing. | 8.1 |
2019-11-14 | CVE-2011-1490 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 2.1 |
2019-11-14 | CVE-2011-1489 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. | 2.1 |
2019-11-14 | CVE-2011-1488 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. | 1.9 |
2019-01-25 | CVE-2018-16881 | Integer Overflow or Wraparound vulnerability in multiple products A denial of service vulnerability was found in rsyslog in the imptcp module. | 7.5 |
2017-08-06 | CVE-2017-12588 | Use of Externally-Controlled Format String vulnerability in Rsyslog The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. | 7.5 |
2014-11-02 | CVE-2014-3683 | Numeric Errors vulnerability in multiple products Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. | 5.0 |
2014-11-02 | CVE-2014-3634 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | 7.5 |
2013-10-04 | CVE-2013-4758 | Resource Management Errors vulnerability in Rsyslog Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. | 6.8 |