Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/syslog-ng@2.0.9-4.1
Typedeb
Namespacedebian
Namesyslog-ng
Version2.0.9-4.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.38.1-5+deb12u1
Latest_non_vulnerable_version3.38.1-5+deb12u1
Affected_by_vulnerabilities
0
url VCID-1gf1-xw2a-dqgq
vulnerability_id VCID-1gf1-xw2a-dqgq
summary 
This GLSA contains notification of vulnerabilities found in several
    Gentoo packages which have been fixed prior to January 1, 2012. The worst
    of these vulnerabilities could lead to local privilege escalation and
    remote code execution. Please see the package list and CVE identifiers
    below for more information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1951
reference_id
reference_type
scores
0
value 0.01548
scoring_system epss
scoring_elements 0.81342
published_at 2026-04-01T12:55:00Z
1
value 0.01548
scoring_system epss
scoring_elements 0.81351
published_at 2026-04-02T12:55:00Z
2
value 0.01548
scoring_system epss
scoring_elements 0.81374
published_at 2026-04-04T12:55:00Z
3
value 0.01548
scoring_system epss
scoring_elements 0.81371
published_at 2026-04-07T12:55:00Z
4
value 0.01548
scoring_system epss
scoring_elements 0.814
published_at 2026-04-08T12:55:00Z
5
value 0.01548
scoring_system epss
scoring_elements 0.81404
published_at 2026-04-09T12:55:00Z
6
value 0.01548
scoring_system epss
scoring_elements 0.81425
published_at 2026-04-11T12:55:00Z
7
value 0.01548
scoring_system epss
scoring_elements 0.81413
published_at 2026-04-12T12:55:00Z
8
value 0.01548
scoring_system epss
scoring_elements 0.81406
published_at 2026-04-13T12:55:00Z
9
value 0.01548
scoring_system epss
scoring_elements 0.81443
published_at 2026-04-16T12:55:00Z
10
value 0.01548
scoring_system epss
scoring_elements 0.81444
published_at 2026-04-18T12:55:00Z
11
value 0.01548
scoring_system epss
scoring_elements 0.81445
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1951
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1951
2
reference_url https://security.gentoo.org/glsa/201412-09
reference_id GLSA-201412-09
reference_type
scores
url https://security.gentoo.org/glsa/201412-09
fixed_packages
0
url pkg:deb/debian/syslog-ng@3.3.5-4
purl pkg:deb/debian/syslog-ng@3.3.5-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xzy-xag3-5ybt
1
vulnerability VCID-d3hk-n3x4-dfb6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.3.5-4
aliases CVE-2011-1951
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gf1-xw2a-dqgq
1
url VCID-1xzy-xag3-5ybt
vulnerability_id VCID-1xzy-xag3-5ybt
summary syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47619
reference_id
reference_type
scores
0
value 0.00507
scoring_system epss
scoring_elements 0.66307
published_at 2026-04-21T12:55:00Z
1
value 0.00507
scoring_system epss
scoring_elements 0.66265
published_at 2026-04-04T12:55:00Z
2
value 0.00507
scoring_system epss
scoring_elements 0.66235
published_at 2026-04-07T12:55:00Z
3
value 0.00507
scoring_system epss
scoring_elements 0.66283
published_at 2026-04-08T12:55:00Z
4
value 0.00507
scoring_system epss
scoring_elements 0.66296
published_at 2026-04-09T12:55:00Z
5
value 0.00507
scoring_system epss
scoring_elements 0.66316
published_at 2026-04-11T12:55:00Z
6
value 0.00507
scoring_system epss
scoring_elements 0.66303
published_at 2026-04-12T12:55:00Z
7
value 0.00507
scoring_system epss
scoring_elements 0.66272
published_at 2026-04-13T12:55:00Z
8
value 0.00507
scoring_system epss
scoring_elements 0.66306
published_at 2026-04-16T12:55:00Z
9
value 0.00507
scoring_system epss
scoring_elements 0.66322
published_at 2026-04-18T12:55:00Z
10
value 0.00507
scoring_system epss
scoring_elements 0.66238
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47619
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890
reference_id 1104890
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890
4
reference_url https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
reference_id dadfdbecde5bfe710b0a6ee5699f96926b3f9006
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/
url https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
5
reference_url https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
reference_id GHSA-xr54-gx74-fghg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/
url https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
6
reference_url https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2
reference_id syslog-ng-4.8.2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/
url https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2
7
reference_url https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110
reference_id tls-verifier.c#L78-L110
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/
url https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110
fixed_packages
0
url pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1
purl pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1
aliases CVE-2024-47619
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xzy-xag3-5ybt
2
url VCID-2rmg-7wqe-nqcq
vulnerability_id VCID-2rmg-7wqe-nqcq
summary Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
reference_id
reference_type
scores
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0343
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13006
published_at 2026-04-18T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13117
published_at 2026-04-01T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13225
published_at 2026-04-02T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13291
published_at 2026-04-04T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13089
published_at 2026-04-07T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13171
published_at 2026-04-08T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13222
published_at 2026-04-09T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13191
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13153
published_at 2026-04-12T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13102
published_at 2026-04-21T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13003
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0343
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343
3
reference_url https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
reference_id
reference_type
scores
url https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
4
reference_url https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
reference_id
reference_type
scores
url https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
5
reference_url http://www.securityfocus.com/archive/1/515955/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/515955/100/0/threaded
6
reference_url http://www.securityfocus.com/bid/45988
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/45988
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
reference_id 608491
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0343
reference_id CVE-2011-0343
reference_type
scores
0
value 6.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:C/I:C/A:C
url https://nvd.nist.gov/vuln/detail/CVE-2011-0343
fixed_packages
0
url pkg:deb/debian/syslog-ng@3.1.3-3
purl pkg:deb/debian/syslog-ng@3.1.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gf1-xw2a-dqgq
1
vulnerability VCID-1xzy-xag3-5ybt
2
vulnerability VCID-d3hk-n3x4-dfb6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.1.3-3
aliases CVE-2011-0343
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmg-7wqe-nqcq
3
url VCID-d3hk-n3x4-dfb6
vulnerability_id VCID-d3hk-n3x4-dfb6
summary A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38725
reference_id
reference_type
scores
0
value 0.04916
scoring_system epss
scoring_elements 0.8959
published_at 2026-04-07T12:55:00Z
1
value 0.04916
scoring_system epss
scoring_elements 0.89576
published_at 2026-04-02T12:55:00Z
2
value 0.04916
scoring_system epss
scoring_elements 0.89622
published_at 2026-04-21T12:55:00Z
3
value 0.04916
scoring_system epss
scoring_elements 0.89627
published_at 2026-04-18T12:55:00Z
4
value 0.04916
scoring_system epss
scoring_elements 0.89626
published_at 2026-04-16T12:55:00Z
5
value 0.04916
scoring_system epss
scoring_elements 0.89618
published_at 2026-04-12T12:55:00Z
6
value 0.04916
scoring_system epss
scoring_elements 0.89619
published_at 2026-04-11T12:55:00Z
7
value 0.04916
scoring_system epss
scoring_elements 0.89612
published_at 2026-04-13T12:55:00Z
8
value 0.04916
scoring_system epss
scoring_elements 0.89607
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38725
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.debian.org/security/2023/dsa-5369
reference_id dsa-5369
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://www.debian.org/security/2023/dsa-5369
4
reference_url https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
reference_id GHSA-7932-4fc6-pvmc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
5
reference_url https://security.gentoo.org/glsa/202305-09
reference_id GLSA-202305-09
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://security.gentoo.org/glsa/202305-09
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
reference_id J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
7
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
reference_id msg00043.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
reference_id QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
9
reference_url https://lists.balabit.hu/pipermail/syslog-ng/
reference_id syslog-ng
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/
url https://lists.balabit.hu/pipermail/syslog-ng/
fixed_packages
0
url pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1
purl pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xzy-xag3-5ybt
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1
aliases CVE-2022-38725
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3hk-n3x4-dfb6
Fixing_vulnerabilities
0
url VCID-bfpg-vpax-ryhy
vulnerability_id VCID-bfpg-vpax-ryhy
summary 
Syslog-ng does not properly initialize its chroot jail allowing for an
    escape if a separate vulnerability in Syslog-ng is exploited.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
reference_id
reference_type
scores
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
1
reference_url http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
reference_id
reference_type
scores
url http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5110.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5110.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5110
reference_id
reference_type
scores
0
value 0.01088
scoring_system epss
scoring_elements 0.77947
published_at 2026-04-21T12:55:00Z
1
value 0.01088
scoring_system epss
scoring_elements 0.77857
published_at 2026-04-01T12:55:00Z
2
value 0.01088
scoring_system epss
scoring_elements 0.77865
published_at 2026-04-02T12:55:00Z
3
value 0.01088
scoring_system epss
scoring_elements 0.77892
published_at 2026-04-04T12:55:00Z
4
value 0.01088
scoring_system epss
scoring_elements 0.77875
published_at 2026-04-07T12:55:00Z
5
value 0.01088
scoring_system epss
scoring_elements 0.77902
published_at 2026-04-08T12:55:00Z
6
value 0.01088
scoring_system epss
scoring_elements 0.77907
published_at 2026-04-09T12:55:00Z
7
value 0.01088
scoring_system epss
scoring_elements 0.77933
published_at 2026-04-11T12:55:00Z
8
value 0.01088
scoring_system epss
scoring_elements 0.77917
published_at 2026-04-13T12:55:00Z
9
value 0.01088
scoring_system epss
scoring_elements 0.77955
published_at 2026-04-16T12:55:00Z
10
value 0.01088
scoring_system epss
scoring_elements 0.77953
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5110
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110
5
reference_url http://secunia.com/advisories/35748
reference_id
reference_type
scores
url http://secunia.com/advisories/35748
6
reference_url http://secunia.com/advisories/40551
reference_id
reference_type
scores
url http://secunia.com/advisories/40551
7
reference_url http://security.gentoo.org/glsa/glsa-200907-10.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200907-10.xml
8
reference_url http://www.openwall.com/lists/oss-security/2008/11/17/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2008/11/17/3
9
reference_url http://www.vupen.com/english/advisories/2010/1796
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/1796
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=471984
reference_id 471984
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=471984
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
reference_id 505791
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-5110
reference_id CVE-2008-5110
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
url https://nvd.nist.gov/vuln/detail/CVE-2008-5110
14
reference_url https://security.gentoo.org/glsa/200907-10
reference_id GLSA-200907-10
reference_type
scores
url https://security.gentoo.org/glsa/200907-10
fixed_packages
0
url pkg:deb/debian/syslog-ng@2.0.9-4.1
purl pkg:deb/debian/syslog-ng@2.0.9-4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gf1-xw2a-dqgq
1
vulnerability VCID-1xzy-xag3-5ybt
2
vulnerability VCID-2rmg-7wqe-nqcq
3
vulnerability VCID-d3hk-n3x4-dfb6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.9-4.1
aliases CVE-2008-5110
risk_score 4.2
exploitability 0.5
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfpg-vpax-ryhy
1
url VCID-c9ef-1f5v-y7b7
vulnerability_id VCID-c9ef-1f5v-y7b7
summary A Denial of Service vulnerability has been discovered in Syslog-ng.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6437.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6437.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6437
reference_id
reference_type
scores
0
value 0.05794
scoring_system epss
scoring_elements 0.90463
published_at 2026-04-01T12:55:00Z
1
value 0.05794
scoring_system epss
scoring_elements 0.90467
published_at 2026-04-02T12:55:00Z
2
value 0.05794
scoring_system epss
scoring_elements 0.90479
published_at 2026-04-04T12:55:00Z
3
value 0.05794
scoring_system epss
scoring_elements 0.90484
published_at 2026-04-07T12:55:00Z
4
value 0.05794
scoring_system epss
scoring_elements 0.90497
published_at 2026-04-08T12:55:00Z
5
value 0.05794
scoring_system epss
scoring_elements 0.90503
published_at 2026-04-09T12:55:00Z
6
value 0.05794
scoring_system epss
scoring_elements 0.9051
published_at 2026-04-12T12:55:00Z
7
value 0.05794
scoring_system epss
scoring_elements 0.90504
published_at 2026-04-13T12:55:00Z
8
value 0.05794
scoring_system epss
scoring_elements 0.90522
published_at 2026-04-18T12:55:00Z
9
value 0.05794
scoring_system epss
scoring_elements 0.9052
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6437
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=426173
reference_id 426173
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=426173
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
reference_id 457334
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
5
reference_url https://security.gentoo.org/glsa/200712-19
reference_id GLSA-200712-19
reference_type
scores
url https://security.gentoo.org/glsa/200712-19
fixed_packages
0
url pkg:deb/debian/syslog-ng@2.0.9-4.1
purl pkg:deb/debian/syslog-ng@2.0.9-4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gf1-xw2a-dqgq
1
vulnerability VCID-1xzy-xag3-5ybt
2
vulnerability VCID-2rmg-7wqe-nqcq
3
vulnerability VCID-d3hk-n3x4-dfb6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.9-4.1
aliases CVE-2007-6437
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ef-1f5v-y7b7
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.9-4.1