{"vulnerability": "CVE-2020-35488", "sightings": [{"uuid": "1a99b175-eda6-43be-93ec-cd05d1e10c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35488", "type": "seen", "source": "https://t.me/cibsecurity/21574", "content": "\u203c CVE-2020-35488 \u203c\n\nThe fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-05T19:25:20.000000Z"}]}