{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92121?format=json","vulnerability_id":"VCID-2rmg-7wqe-nqcq","summary":"Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.","aliases":[{"alias":"CVE-2011-0343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940417?format=json","purl":"pkg:deb/debian/syslog-ng@3.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.1.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1053480?format=json","purl":"pkg:deb/debian/syslog-ng@3.1.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.1.3-3"},{"url":"http://public2.vulnerablecode.io/api/packages/940412?format=json","purl":"pkg:deb/debian/syslog-ng@3.28.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.28.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940410?format=json","purl":"pkg:deb/debian/syslog-ng@3.38.1-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@3.38.1-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940414?format=json","purl":"pkg:deb/debian/syslog-ng@4.8.1-5%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-5%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940413?format=json","purl":"pkg:deb/debian/syslog-ng@4.8.1-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@4.8.1-7%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1053474?format=json","purl":"pkg:deb/debian/syslog-ng@1.4.0rc3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-2rmg-7wqe-nqcq"},{"vulnerability":"VCID-8csr-snmd-dqby"},{"vulnerability":"VCID-bfpg-vpax-ryhy"},{"vulnerability":"VCID-c9ef-1f5v-y7b7"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@1.4.0rc3-3"},{"url":"http://public2.vulnerablecode.io/api/packages/1053475?format=json","purl":"pkg:deb/debian/syslog-ng@1.5.15-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-2rmg-7wqe-nqcq"},{"vulnerability":"VCID-8csr-snmd-dqby"},{"vulnerability":"VCID-bfpg-vpax-ryhy"},{"vulnerability":"VCID-c9ef-1f5v-y7b7"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@1.5.15-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1053476?format=json","purl":"pkg:deb/debian/syslog-ng@1.6.5-2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-2rmg-7wqe-nqcq"},{"vulnerability":"VCID-bfpg-vpax-ryhy"},{"vulnerability":"VCID-c9ef-1f5v-y7b7"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@1.6.5-2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1053477?format=json","purl":"pkg:deb/debian/syslog-ng@2.0.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-2rmg-7wqe-nqcq"},{"vulnerability":"VCID-bfpg-vpax-ryhy"},{"vulnerability":"VCID-c9ef-1f5v-y7b7"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1053478?format=json","purl":"pkg:deb/debian/syslog-ng@2.0.0-1etch1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-2rmg-7wqe-nqcq"},{"vulnerability":"VCID-bfpg-vpax-ryhy"},{"vulnerability":"VCID-c9ef-1f5v-y7b7"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.0-1etch1"},{"url":"http://public2.vulnerablecode.io/api/packages/1053479?format=json","purl":"pkg:deb/debian/syslog-ng@2.0.9-4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gf1-xw2a-dqgq"},{"vulnerability":"VCID-1xzy-xag3-5ybt"},{"vulnerability":"VCID-2rmg-7wqe-nqcq"},{"vulnerability":"VCID-d3hk-n3x4-dfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/syslog-ng@2.0.9-4.1"}],"references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0343","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13219","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13117","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13171","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13222","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13102","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13003","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13006","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13108","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13077","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12974","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12879","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13034","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13112","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1313","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13204","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343"},{"reference_url":"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"},{"reference_url":"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"},{"reference_url":"http://www.securityfocus.com/archive/1/515955/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/515955/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/45988","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/45988"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491","reference_id":"608491","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*","reference_id":"cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0343","reference_id":"CVE-2011-0343","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0343"}],"weaknesses":[{"cwe_id":264,"name":"Permissions, Privileges, and Access Controls","description":"Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control."}],"exploits":[],"severity_range_score":"6.9 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmg-7wqe-nqcq"}