Bazsi

**Name of the Vulnerable Software and Affected Versions** One Identity syslog-ng versions 3.0 through 3.37 syslog-ng Premium Edition version 7.0.30 syslog-ng Store Box version 6.10.0 **Description** The issue is related to an integer overflow in the RFC3164 parser, which can be exploited by remote attackers to cause a Denial of Service. This can be achieved via crafted syslog input that is mishandled by the `tcp` or `network` function. **Recommendations** For One Identity syslog-ng versions 3.0 through 3.37, consider disabling the RFC3164 parser until a patch is available. For syslog-ng Premium Edition version 7.0.30, restrict access to the `tcp` and `network` functions to minimize the risk of exploitation. For syslog-ng Store Box version 6.10.0, avoid using the affected RFC3164 parser in the syslog input handling process until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel versions 2.4.27 (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the Debian GNU/Linux kernel, which can lead to a disruption of protected information. These vulnerabilities can be exploited remotely. Specifically, an array index overflow in the xfrm sk policy insert function in xfrm user.c in Linux kernel 2.6 allows local users to cause a denial of service and possibly execute arbitrary code via a p->dir value that is larger than XFRM POLICY OUT. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.