VulnerableCode Package Details - pkg:deb/debian/syslog-ng@2.0.0-1etch1

Search for packages

Package details: pkg:deb/debian/syslog-ng@2.0.0-1etch1

Essentials
History (6)

purl	pkg:deb/debian/syslog-ng@2.0.0-1etch1

Next non-vulnerable version	4.8.1-5
Latest non-vulnerable version	4.8.1-5
Risk	3.4

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-9s6e-ubst-rude Aliases: CVE-2011-1951		3.3.5-4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ct3h-e6nt-hbbe Aliases: CVE-2022-38725	An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.	3.28.1-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dudn-nx52-qfe8 Aliases: CVE-2011-0343		3.1.3-3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hdcc-cab9-x3eu Aliases: CVE-2024-47619	syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo..bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.ac.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.	3.38.1-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.8.1-5 Affected by 0 other vulnerabilities.
VCID-ka3z-2wmv-8ygm Aliases: CVE-2007-6437	syslog-ng crash by message with invalid timestamp separator	2.0.9-4.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qh34-y4u6-zqgs Aliases: CVE-2008-5110	syslog-ng improper chroot	2.0.9-4.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T18:09:21.808680+00:00	Debian Oval Importer	Affected by	VCID-ct3h-e6nt-hbbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:26:25.358083+00:00	Debian Oval Importer	Affected by	VCID-qh34-y4u6-zqgs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:04:20.409742+00:00	Debian Oval Importer	Affected by	VCID-9s6e-ubst-rude	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:38:35.635981+00:00	Debian Oval Importer	Affected by	VCID-ka3z-2wmv-8ygm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:14:08.090642+00:00	Debian Oval Importer	Affected by	VCID-dudn-nx52-qfe8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:02:06.934807+00:00	Debian Oval Importer	Affected by	VCID-hdcc-cab9-x3eu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0