VulnerableCode Package Details - pkg:deb/debian/syslog-ng@1.4.0rc3-3

Search for packages

Vulnerability	Summary	Fixed by
VCID-1gf1-xw2a-dqgq Aliases: CVE-2011-1951	This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.	3.3.5-4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-1xzy-xag3-5ybt Aliases: CVE-2024-47619	syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo..bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.ac.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.	3.38.1-5+deb12u1 Affected by 0 other vulnerabilities.
VCID-2rmg-7wqe-nqcq Aliases: CVE-2011-0343	Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.	3.1.3-3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8csr-snmd-dqby Aliases: CVE-2002-1200	Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.	1.6.5-2.2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bfpg-vpax-ryhy Aliases: CVE-2008-5110	Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited.	2.0.9-4.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c9ef-1f5v-y7b7 Aliases: CVE-2007-6437	A Denial of Service vulnerability has been discovered in Syslog-ng.	2.0.9-4.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d3hk-n3x4-dfb6 Aliases: CVE-2022-38725	A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.	3.28.1-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1gf1-xw2a-dqgq
Aliases:
CVE-2011-1951

This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.

3.3.5-4
Affected by 2 other vulnerabilities.

VCID-1xzy-xag3-5ybt
Aliases:
CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.

3.38.1-5+deb12u1
Affected by 0 other vulnerabilities.

VCID-2rmg-7wqe-nqcq
Aliases:
CVE-2011-0343

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

3.1.3-3
Affected by 3 other vulnerabilities.

VCID-8csr-snmd-dqby
Aliases:
CVE-2002-1200

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

1.6.5-2.2
Affected by 6 other vulnerabilities.

VCID-bfpg-vpax-ryhy
Aliases:
CVE-2008-5110

Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited.

2.0.9-4.1
Affected by 4 other vulnerabilities.

VCID-c9ef-1f5v-y7b7
Aliases:
CVE-2007-6437

A Denial of Service vulnerability has been discovered in Syslog-ng.

2.0.9-4.1
Affected by 4 other vulnerabilities.

VCID-d3hk-n3x4-dfb6
Aliases:
CVE-2022-38725

A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.

3.28.1-2+deb11u1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T22:39:51.658106+00:00	Debian Oval Importer	Affected by	VCID-d3hk-n3x4-dfb6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:48:57.235066+00:00	Debian Oval Importer	Affected by	VCID-bfpg-vpax-ryhy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:22:58.697364+00:00	Debian Oval Importer	Affected by	VCID-1gf1-xw2a-dqgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:52:25.501622+00:00	Debian Oval Importer	Affected by	VCID-c9ef-1f5v-y7b7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:13:25.422573+00:00	Debian Oval Importer	Affected by	VCID-2rmg-7wqe-nqcq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:48:21.823047+00:00	Debian Oval Importer	Affected by	VCID-8csr-snmd-dqby	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:49:17.465354+00:00	Debian Oval Importer	Affected by	VCID-1xzy-xag3-5ybt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T22:16:34.855975+00:00	Debian Oval Importer	Affected by	VCID-d3hk-n3x4-dfb6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:27:29.264397+00:00	Debian Oval Importer	Affected by	VCID-bfpg-vpax-ryhy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:02:27.418909+00:00	Debian Oval Importer	Affected by	VCID-1gf1-xw2a-dqgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:33:01.288477+00:00	Debian Oval Importer	Affected by	VCID-c9ef-1f5v-y7b7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:56:58.898349+00:00	Debian Oval Importer	Affected by	VCID-2rmg-7wqe-nqcq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:33:00.543201+00:00	Debian Oval Importer	Affected by	VCID-8csr-snmd-dqby	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:35:10.589562+00:00	Debian Oval Importer	Affected by	VCID-1xzy-xag3-5ybt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T21:52:50.084383+00:00	Debian Oval Importer	Affected by	VCID-d3hk-n3x4-dfb6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:05:55.067924+00:00	Debian Oval Importer	Affected by	VCID-bfpg-vpax-ryhy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:41:43.088667+00:00	Debian Oval Importer	Affected by	VCID-1gf1-xw2a-dqgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:13:12.650550+00:00	Debian Oval Importer	Affected by	VCID-c9ef-1f5v-y7b7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:41:35.268341+00:00	Debian Oval Importer	Affected by	VCID-2rmg-7wqe-nqcq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:18:11.522290+00:00	Debian Oval Importer	Affected by	VCID-8csr-snmd-dqby	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:22:54.275464+00:00	Debian Oval Importer	Affected by	VCID-1xzy-xag3-5ybt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0