Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
syslog-ng vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1200
Balabit Syslog-NG 1.4.x prior to 1.4.15, and 1.5.x prior to 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote malicious users to cause a denial of serv...
Oneidentity Syslog-ng 1.4.0
Oneidentity Syslog-ng 1.4.7
Oneidentity Syslog-ng 1.4.8
Oneidentity Syslog-ng 1.4.9
Oneidentity Syslog-ng 1.4.10
Oneidentity Syslog-ng 1.4.15
Oneidentity Syslog-ng 1.5.15
Oneidentity Syslog-ng 1.5.20
NA
CVE-2011-0343
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to t...
Oneidentity Syslog-ng 2.0
Oneidentity Syslog-ng 3.0
Oneidentity Syslog-ng 3.1
Oneidentity Syslog-ng 3.2
NA
CVE-2000-1165
Balabit syslog-ng allows remote malicious users to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
Balabit Syslog-ng
Balabit Syslog-ng 1.4.7
Balabit Syslog-ng 1.4.8
7.5
CVSSv3
CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 up to and including 3.37 allows remote malicious users to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng S...
Oneidentity Syslog-ng Store Box
Oneidentity Syslog-ng
NA
CVE-2007-6437
Balabit syslog-ng 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.8 allows remote malicious users to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.
Balabit Syslog-ng Premium Edition
Balabit Syslog-ng Open Source Edition
NA
CVE-2011-1951
lib/logmatcher.c in Balabit syslog-ng prior to 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote malicious users to cause a denial of service (memory consumption) via a message that does not match a regular expression.
Oneidentity Syslog-ng
NA
CVE-2008-5110
syslog-ng does not call chdir when it calls chroot, which might allow malicious users to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
Oneidentity Syslog-ng
7.8
CVSSv3
CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Ente...
Oneidentity Syslog-ng
7.5
CVSSv3
CVE-2021-34598
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active
Phoenixcontact Fl Mguard 1102 Firmware 1.4.1
Phoenixcontact Fl Mguard 1102 Firmware 1.5.0
Phoenixcontact Fl Mguard 1102 Firmware 1.4.0
Phoenixcontact Fl Mguard 1105 Firmware 1.4.0
Phoenixcontact Fl Mguard 1105 Firmware 1.4.1
Phoenixcontact Fl Mguard 1105 Firmware 1.5.0
7.2
CVSSv3
CVE-2022-37108
An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the sys...
Securonix Snypr 6.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »