Vulnerabilities > Oneidentity > Syslog NG > 1.4.9

DATE CVE VULNERABILITY TITLE RISK
2020-06-29 CVE-2020-8019 UNIX Symbolic Link (Symlink) Following vulnerability in Oneidentity Syslog-Ng
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root.
local
low complexity
oneidentity CWE-61
7.2
2008-11-17 CVE-2008-5110 Unspecified vulnerability in Oneidentity Syslog-Ng
syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail.
network
oneidentity
critical
9.3
2002-10-28 CVE-2002-1200 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oneidentity Syslog-Ng
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
network
low complexity
oneidentity CWE-119
7.5