Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/130246?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "syslog-ng", "version": "3.28.1-2+deb11u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.28.1-2+deb11u2", "latest_non_vulnerable_version": "4.8.1-7", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101843?format=api", "vulnerability_id": "VCID-1uyw-3euw-jbfv", "summary": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13454", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13534", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1354", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13412", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491", "reference_id": "608491", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130253?format=api", "purl": "pkg:deb/debian/syslog-ng@3.1.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.1.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0343" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uyw-3euw-jbfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101839?format=api", "vulnerability_id": "VCID-66v1-7ezj-xfcz", "summary": "Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0653", "scoring_system": "epss", "scoring_elements": "0.91287", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0653", "scoring_system": "epss", "scoring_elements": "0.91299", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0653", "scoring_system": "epss", "scoring_elements": "0.913", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0653", "scoring_system": "epss", "scoring_elements": "0.91296", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0653", "scoring_system": "epss", "scoring_elements": "0.91292", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1200" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130244?format=api", "purl": "pkg:deb/debian/syslog-ng@1.5.21-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@1.5.21-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": 
"pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-1200" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66v1-7ezj-xfcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101840?format=api", "vulnerability_id": "VCID-e4h3-zqg3-gfac", "summary": "Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6437.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05794", "scoring_system": "epss", "scoring_elements": "0.90661", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05794", "scoring_system": "epss", "scoring_elements": "0.90675", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05794", "scoring_system": "epss", "scoring_elements": "0.90674", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05794", "scoring_system": "epss", "scoring_elements": "0.90672", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05794", "scoring_system": "epss", "scoring_elements": "0.9067", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=426173", "reference_id": "426173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426173" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334", "reference_id": "457334", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334" }, { "reference_url": "https://security.gentoo.org/glsa/200712-19", "reference_id": "GLSA-200712-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200712-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130249?format=api", "purl": "pkg:deb/debian/syslog-ng@2.0.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6437" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4h3-zqg3-gfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101841?format=api", "vulnerability_id": "VCID-ecer-j4vm-mka3", "summary": "syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. 
This flaw affects syslog-ng versions prior to and including 2.0.9.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5110.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5110.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.78256", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.78282", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.78289", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.78279", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.78267", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5110" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=471984", "reference_id": "471984", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=471984" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791", "reference_id": "505791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791" }, { "reference_url": "https://security.gentoo.org/glsa/200907-10", "reference_id": "GLSA-200907-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-10" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/130252?format=api", "purl": "pkg:deb/debian/syslog-ng@2.0.9-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.9-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-5110" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecer-j4vm-mka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101845?format=api", "vulnerability_id": "VCID-fg72-6hke-r3e4", "summary": "An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 
through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04916", "scoring_system": "epss", "scoring_elements": "0.89788", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04916", "scoring_system": "epss", "scoring_elements": "0.89804", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04916", "scoring_system": "epss", "scoring_elements": "0.89806", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38725" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5369", "reference_id": "dsa-5369", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5369" }, { "reference_url": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc", "reference_id": "GHSA-7932-4fc6-pvmc", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc" }, { "reference_url": "https://security.gentoo.org/glsa/202305-09", "reference_id": "GLSA-202305-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://security.gentoo.org/glsa/202305-09" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/", "reference_id": "J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html", "reference_id": "msg00043.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/", "reference_id": "QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/" }, { "reference_url": "https://lists.balabit.hu/pipermail/syslog-ng/", "reference_id": "syslog-ng", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/" } ], "url": "https://lists.balabit.hu/pipermail/syslog-ng/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130256?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38725" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fg72-6hke-r3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101846?format=api", "vulnerability_id": "VCID-he76-3jb6-tkhk", "summary": "syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. 
Version 4.8.2 contains a fix for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.6668", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66658", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66674", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66688", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890", "reference_id": "1104890", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890" }, { "reference_url": "https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006", "reference_id": "dadfdbecde5bfe710b0a6ee5699f96926b3f9006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/" } ], "url": 
"https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006" }, { "reference_url": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg", "reference_id": "GHSA-xr54-gx74-fghg", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/" } ], "url": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg" }, { "reference_url": "https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2", "reference_id": "syslog-ng-4.8.2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/" } ], "url": "https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2" }, { "reference_url": "https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110", "reference_id": "tls-verifier.c#L78-L110", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/" } ], "url": "https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130257?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130258?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47619" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he76-3jb6-tkhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101844?format=api", 
"vulnerability_id": "VCID-pwer-bppj-fueh", "summary": "lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81735", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81769", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.8177", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81763", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1951" }, { "reference_url": "https://security.gentoo.org/glsa/201412-09", "reference_id": "GLSA-201412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130254?format=api", "purl": "pkg:deb/debian/syslog-ng@3.2.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.2.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130246?format=api", "purl": "pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130243?format=api", "purl": "pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130248?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130247?format=api", "purl": "pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1951" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwer-bppj-fueh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie" }