pkg:Debian/rsyslog

All known vulnerabilities

• CRITICAL9.8CVE-2019-17042An issue was discovered in Rsyslog v8.1908.0.
  from 0, < 8.1910.0-1
• CRITICAL9.8CVE-2019-17041rsyslog - security update
  from 0, < 8.24.0-1+deb9u1
• CRITICAL9.8CVE-2019-17041rsyslog - security update
  from 0, < 8.4.2-1+deb8u3
• CRITICAL9.8rsyslog - security update
  from 0, < 8.1910.0-1
• CRITICAL9.8contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
  from 0, < 8.1910.0-1
• CRITICAL9.8The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format str…
  from 0, < 8.28.0-1
• HIGH8.1rsyslog - security update
  from 0, < 8.2102.0-2+deb11u1
• HIGH8.1rsyslog - security update
  from 0, < 8.1901.0-1+deb10u2
• HIGH7.5rsyslog - security update
  from 0, < 8.27.0-2
• HIGH7.5rsyslog - security update
  from 0, < 8.24.0-1+deb9u2
• MEDIUM5.5A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and so…
  from 0, < 5.7.6-1
• MEDIUM5.5A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and s…
  from 0, < 5.7.6-1
• MEDIUM5.5A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled.
  from 0, < 5.7.6-1
• MEDIUM5.5rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/l…
  from 0
• —rsyslog - security update
  from 0, < 8.4.2-1
• —rsyslog - security update
  from 0, < 5.8.11-3+deb7u2
• —rsyslog - security update
  from 0, < 5.8.11-3+deb7u1
• —rsyslog - security update
  from 0, < 8.4.1-1
• —rsyslog - security update
  from 0, < 4.6.4-2+deb6u1
• —Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4,…
  from 0, < 5.7.4-1
• —Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 thr…
  from 0, < 5.8.5-1
• —imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthori…
  from 0, < 3.18.6-1
• —The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to b…
  from 0, < 3.18.6-1