Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/syslog-ng@3.3.5-4

Type deb

Namespace debian

Name syslog-ng

Version 3.3.5-4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.38.1-5+deb12u1

Latest_non_vulnerable_version 3.38.1-5+deb12u1

Affected_by_vulnerabilities

url VCID-1xzy-xag3-5ybt

vulnerability_id VCID-1xzy-xag3-5ybt

summary syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47619

reference_id

reference_type

scores

value	0.00507
scoring_system	epss
scoring_elements	0.66307
published_at	2026-04-21T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66265
published_at	2026-04-04T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66235
published_at	2026-04-07T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66283
published_at	2026-04-08T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66296
published_at	2026-04-09T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66316
published_at	2026-04-11T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66303
published_at	2026-04-12T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66272
published_at	2026-04-13T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66306
published_at	2026-04-16T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66322
published_at	2026-04-18T12:55:00Z

value	0.00507
scoring_system	epss
scoring_elements	0.66238
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47619

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890
reference_id	1104890
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890

reference_url

https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006

reference_id

dadfdbecde5bfe710b0a6ee5699f96926b3f9006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/

url

https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006

reference_url

https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

reference_id

GHSA-xr54-gx74-fghg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/

url

https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

reference_url

https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2

reference_id

syslog-ng-4.8.2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/

url

https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2

reference_url

https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110

reference_id

tls-verifier.c#L78-L110

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/

url

https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110

fixed_packages

url	pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1
purl	pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1

aliases CVE-2024-47619

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xzy-xag3-5ybt

url VCID-d3hk-n3x4-dfb6

vulnerability_id VCID-d3hk-n3x4-dfb6

summary A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38725

reference_id

reference_type

scores

value	0.04916
scoring_system	epss
scoring_elements	0.8959
published_at	2026-04-07T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89576
published_at	2026-04-02T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89622
published_at	2026-04-21T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89627
published_at	2026-04-18T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89626
published_at	2026-04-16T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89618
published_at	2026-04-12T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89619
published_at	2026-04-11T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89612
published_at	2026-04-13T12:55:00Z

value	0.04916
scoring_system	epss
scoring_elements	0.89607
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38725

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.debian.org/security/2023/dsa-5369

reference_id

dsa-5369

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://www.debian.org/security/2023/dsa-5369

reference_url

https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc

reference_id

GHSA-7932-4fc6-pvmc

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc

reference_url

https://security.gentoo.org/glsa/202305-09

reference_id

GLSA-202305-09

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://security.gentoo.org/glsa/202305-09

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/

reference_id

J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/

reference_url

https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html

reference_id

msg00043.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/

reference_id

QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/

reference_url

https://lists.balabit.hu/pipermail/syslog-ng/

reference_id

syslog-ng

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/

url

https://lists.balabit.hu/pipermail/syslog-ng/

fixed_packages

url pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1

purl pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xzy-xag3-5ybt

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1

aliases CVE-2022-38725

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3hk-n3x4-dfb6

Fixing_vulnerabilities

url VCID-1gf1-xw2a-dqgq

vulnerability_id VCID-1gf1-xw2a-dqgq

summary

This GLSA contains notification of vulnerabilities found in several
    Gentoo packages which have been fixed prior to January 1, 2012. The worst
    of these vulnerabilities could lead to local privilege escalation and
    remote code execution. Please see the package list and CVE identifiers
    below for more information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1951

reference_id

reference_type

scores

value	0.01548
scoring_system	epss
scoring_elements	0.81342
published_at	2026-04-01T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81351
published_at	2026-04-02T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81374
published_at	2026-04-04T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81371
published_at	2026-04-07T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.814
published_at	2026-04-08T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81404
published_at	2026-04-09T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81425
published_at	2026-04-11T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81413
published_at	2026-04-12T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81406
published_at	2026-04-13T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81443
published_at	2026-04-16T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81444
published_at	2026-04-18T12:55:00Z

value	0.01548
scoring_system	epss
scoring_elements	0.81445
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1951

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1951
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1951

reference_url	https://security.gentoo.org/glsa/201412-09
reference_id	GLSA-201412-09
reference_type
scores
url	https://security.gentoo.org/glsa/201412-09

fixed_packages

url pkg:deb/debian/syslog-ng@3.3.5-4

purl pkg:deb/debian/syslog-ng@3.3.5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xzy-xag3-5ybt

vulnerability	VCID-d3hk-n3x4-dfb6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.3.5-4

aliases CVE-2011-1951

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gf1-xw2a-dqgq

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.3.5-4

Package Instance