VulnerableCode Package Details - pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1gf1-xw2a-dqgq	This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.	CVE-2011-1951
VCID-1xzy-xag3-5ybt	syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo..bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.ac.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.	CVE-2024-47619
VCID-2rmg-7wqe-nqcq	Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.	CVE-2011-0343
VCID-8csr-snmd-dqby	Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.	CVE-2002-1200
VCID-bfpg-vpax-ryhy	Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited.	CVE-2008-5110
VCID-c9ef-1f5v-y7b7	A Denial of Service vulnerability has been discovered in Syslog-ng.	CVE-2007-6437
VCID-d3hk-n3x4-dfb6	A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.	CVE-2022-38725

Vulnerability

Summary

Aliases

VCID-1gf1-xw2a-dqgq

This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.

CVE-2011-1951

VCID-1xzy-xag3-5ybt

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.

CVE-2024-47619

VCID-2rmg-7wqe-nqcq

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

CVE-2011-0343

VCID-8csr-snmd-dqby

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2002-1200

VCID-bfpg-vpax-ryhy

Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited.

CVE-2008-5110

VCID-c9ef-1f5v-y7b7

A Denial of Service vulnerability has been discovered in Syslog-ng.

CVE-2007-6437

VCID-d3hk-n3x4-dfb6

A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.

CVE-2022-38725

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:59:04.408968+00:00	Debian Importer	Fixing	VCID-bfpg-vpax-ryhy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:34:26.771340+00:00	Debian Importer	Fixing	VCID-d3hk-n3x4-dfb6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:29:39.030568+00:00	Debian Importer	Fixing	VCID-1xzy-xag3-5ybt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:23:57.703946+00:00	Debian Importer	Fixing	VCID-2rmg-7wqe-nqcq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:35:25.310856+00:00	Debian Importer	Fixing	VCID-8csr-snmd-dqby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:30:08.631556+00:00	Debian Importer	Fixing	VCID-c9ef-1f5v-y7b7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:22:58.990728+00:00	Debian Importer	Fixing	VCID-1gf1-xw2a-dqgq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:55:15.475422+00:00	Debian Importer	Fixing	VCID-bfpg-vpax-ryhy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:36:42.034211+00:00	Debian Importer	Fixing	VCID-d3hk-n3x4-dfb6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:33:13.909324+00:00	Debian Importer	Fixing	VCID-1xzy-xag3-5ybt	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:29:08.015826+00:00	Debian Importer	Fixing	VCID-2rmg-7wqe-nqcq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:54:08.618500+00:00	Debian Importer	Fixing	VCID-8csr-snmd-dqby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:50:21.982403+00:00	Debian Importer	Fixing	VCID-c9ef-1f5v-y7b7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:59:45.045502+00:00	Debian Importer	Fixing	VCID-1gf1-xw2a-dqgq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:53:44.883984+00:00	Debian Importer	Fixing	VCID-1xzy-xag3-5ybt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:44.835515+00:00	Debian Importer	Fixing	VCID-d3hk-n3x4-dfb6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:44.792927+00:00	Debian Importer	Fixing	VCID-1gf1-xw2a-dqgq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:44.750371+00:00	Debian Importer	Fixing	VCID-2rmg-7wqe-nqcq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:44.701123+00:00	Debian Importer	Fixing	VCID-bfpg-vpax-ryhy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:44.652250+00:00	Debian Importer	Fixing	VCID-c9ef-1f5v-y7b7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:44.600804+00:00	Debian Importer	Fixing	VCID-8csr-snmd-dqby	https://security-tracker.debian.org/tracker/data/json	38.1.0