Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/logrotate@3.21.0-1?distro=trixie

Type deb

Namespace debian

Name logrotate

Version 3.21.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0

Latest_non_vulnerable_version 3.22.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4u8a-h3cj-6ke7

vulnerability_id VCID-4u8a-h3cj-6ke7

summary

Multiple vulnerabilities were found in logrotate, which could lead
    to arbitrary system command execution.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1098

reference_url	https://security.gentoo.org/glsa/201206-36
reference_id	GLSA-201206-36
reference_type
scores
url	https://security.gentoo.org/glsa/201206-36

fixed_packages

url	pkg:deb/debian/logrotate@3.8.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.8.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.8.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2011-1098

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4u8a-h3cj-6ke7

url VCID-brm1-uq2b-uqg4

vulnerability_id VCID-brm1-uq2b-uqg4

summary The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1548

fixed_packages

url	pkg:deb/debian/logrotate@3.7.8-6?distro=trixie
purl	pkg:deb/debian/logrotate@3.7.8-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.7.8-6%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2011-1548

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brm1-uq2b-uqg4

url VCID-ed3e-jeuv-77ch

vulnerability_id VCID-ed3e-jeuv-77ch

summary

Multiple vulnerabilities were found in logrotate, which could lead
    to arbitrary system command execution.

references

reference_url	https://security.gentoo.org/glsa/201206-36
reference_id	GLSA-201206-36
reference_type
scores
url	https://security.gentoo.org/glsa/201206-36

fixed_packages

url	pkg:deb/debian/logrotate@0?distro=trixie
purl	pkg:deb/debian/logrotate@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@0%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2011-1549

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3e-jeuv-77ch

url VCID-g67j-5vny-33b9

vulnerability_id VCID-g67j-5vny-33b9

summary

Multiple vulnerabilities were found in logrotate, which could lead
    to arbitrary system command execution.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1154

reference_url	https://security.gentoo.org/glsa/201206-36
reference_id	GLSA-201206-36
reference_type
scores
url	https://security.gentoo.org/glsa/201206-36

fixed_packages

url	pkg:deb/debian/logrotate@3.8.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.8.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.8.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2011-1154

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g67j-5vny-33b9

url VCID-jkgg-ad87-3yay

vulnerability_id VCID-jkgg-ad87-3yay

summary

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1348

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644
reference_id	1011644
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644

reference_url

http://www.openwall.com/lists/oss-security/2022/05/25/3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:10Z/

url

http://www.openwall.com/lists/oss-security/2022/05/25/3

reference_url

http://www.openwall.com/lists/oss-security/2022/05/25/4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:10Z/

url

http://www.openwall.com/lists/oss-security/2022/05/25/4

reference_url

http://www.openwall.com/lists/oss-security/2022/05/25/5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:10Z/

url

http://www.openwall.com/lists/oss-security/2022/05/25/5

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348

reference_id

show_bug.cgi?id=CVE-2022-1348

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:10Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ/

reference_id

Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR/

reference_id

ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR/

fixed_packages

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.20.1-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.20.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.20.1-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2022-1348

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkgg-ad87-3yay

url VCID-jvfn-vnyz-m3gc

vulnerability_id VCID-jvfn-vnyz-m3gc

summary The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

references

fixed_packages

url	pkg:deb/debian/logrotate@0?distro=trixie
purl	pkg:deb/debian/logrotate@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@0%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2011-1550

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvfn-vnyz-m3gc

url VCID-n76n-v9q9-cqgx

vulnerability_id VCID-n76n-v9q9-cqgx

summary

Multiple vulnerabilities were found in logrotate, which could lead
    to arbitrary system command execution.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1155

reference_url	https://security.gentoo.org/glsa/201206-36
reference_id	GLSA-201206-36
reference_type
scores
url	https://security.gentoo.org/glsa/201206-36

fixed_packages

url	pkg:deb/debian/logrotate@3.8.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.8.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.8.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/logrotate@3.18.0-2%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.18.0-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.21.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

url	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
purl	pkg:deb/debian/logrotate@3.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.22.0-1%3Fdistro=trixie

aliases CVE-2011-1155

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n76n-v9q9-cqgx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/logrotate@3.21.0-1%3Fdistro=trixie

Package Instance