242 matches found
[SECURITY] Fedora 31 Update: elog-3.1.4-1.20190113git283534d97d5a.fc31
ELOG is part of a family of applications known as weblogs. Their general purpose is: 1. To make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages ("entries") with optional HTML markup for presentation, and optional file...
[SECURITY] Fedora 30 Update: elog-3.1.4-1.20190113git283534d97d5a.fc30
ELOG is part of a family of applications known as weblogs. Their general purpose is: 1. To make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages ("entries") with optional HTML markup for presentation, and optional file...
ELOG <= 3.1.4 Multiple Vulnerabilities
ELOG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elogproject:elog"; if(description)...
CVE-2019-20375
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c...
CVE-2019-20375
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c...
CVE-2019-20376
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c...
CVE-2019-20375
The CVE-2019-20375 entry applies to Electronic Logbook (ELOG)
CVE-2019-20375
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c...
CVE-2019-20376
CVE-2019-20376 is a confirmed XSS vulnerability in Electronic Logbook (ELOG) 3.1.4. A remote attacker can inject arbitrary script/HTML via a crafted SVG document sent to elogd.c. Affected data exposure/impact is described as partial integrity impact with low confidentiality impact; CVSS metrics i...
CVE-2019-20376
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c...
ELOG Information Disclosure Vulnerability
ELOG is a web application written in C for creating personal and general purpose logs. An information disclosure vulnerability exists in ELOG 3.1.4-57bea22 and prior versions. The vulnerability stems from configuration and similar errors during the operation of a networked system or product. An...
ELOG Null Pointer Dereference Vulnerability
ELOG is a web application written in C for creating personal and general purpose logs. A null pointer dereference vulnerability exists in ELOG 3.1.4-57bea22 and prior versions. A remote attacker can exploit this vulnerability by sending an HTTP GET request to cause the ELOG server to crash,...
ELOG Reuse After Release Vulnerability
ELOG is a web application written in C for creating personal and general logs. A use-after-free vulnerability exists in ELOG 3.1.4-57bea22 and prior versions. A remote attacker can exploit this vulnerability by sending multiple HTTP POST requests to cause the ELOG server to crash, resulting i...
ELOG Information Disclosure Vulnerability (CNVD-2020-04142)
ELOG is a web application written in C for creating personal and general purpose logs. An information disclosure vulnerability exists in ELOG 3.1.4-57bea22 and prior versions. The vulnerability stems from configuration and similar errors during the operation of a networked system or product. An...
ELOG Unintended Proxy Vulnerability
ELOG is a web application written in C for creating personal and general purpose logs. An unintended proxy vulnerability exists in ELOG 3.1.4-57bea22 and earlier versions, which can be exploited by an unauthenticated, remote attacker by sending a specially crafted HTTP POST request that uses ELOG...
CVE-2019-3994
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieveurl to use a freed variable...
CVE-2019-3995
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request...
CVE-2019-3993
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request...