CVSS: 9.8EPSS: 6%CPEs: 26EXPL: 1CVE-2014-3683 – Mandriva Linux Security Advisory 2014-196
https://notcve.org/view.php?id=CVE-2014-3683
09 Oct 2014 — Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. Desbordamiento de enteros en rsyslog anterior a 7.6.7 y 8.x anterior a 8.4.2 y sysklogd 1.5 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) a través de un valor de prioridad (PRI) grande. NOTA: esta vulnerabilid... • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 16%CPEs: 25EXPL: 1CVE-2014-3634 – rsyslog: remote syslog PRI vulnerability
https://notcve.org/view.php?id=CVE-2014-3634
01 Oct 2014 — rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. rsyslog anterior a 7.6.6 y 8.x anterior a 8.4.1 y sysklogd 1.5 y anteriores permiten a atacantes remotos causar una denegación de servicio (caída), posiblemente ejecutar código arbitrario o tener otro impacto no especificado a través... • http://advisories.mageia.org/MGASA-2014-0411.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •