Every CVE whose affected-product data names Oneidentity Syslog-ng, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2008-5110 — CVSS 9.3 (critical): syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a…
CVE-2020-8019 — CVSS 7.7 (high): A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux…
CVE-2024-47619 — CVSS 7.5 (high): syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although…
CVE-2002-1200 — CVSS 7.5 (high): Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size…
CVE-2022-38725 — CVSS 7.5 (high): An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service…
CVE-2011-0343 — CVSS 6.9 (medium): Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes…
CVE-2011-1951 — CVSS 4.3 (medium): lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions…