Elog Security Vulnerabilities and Issues — Elog CVE List

Lucene search

Elog ProjectElog

6 matches found

CVE•added 2019/12/17 10:15 p.m.•67 views

CVE-2019-3994

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.

7.5CVSS7.4AI score0.028EPSS

CVE•added 2019/12/17 10:15 p.m.•66 views

CVE-2019-3996

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

7.5CVSS6.9AI score0.03524EPSS

CVE•added 2019/12/17 10:15 p.m.•65 views

CVE-2019-3995

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.

7.5CVSS7.2AI score0.07962EPSS

CVE•added 2019/12/17 10:15 p.m.•63 views

CVE-2019-3992

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versi...

7.5CVSS7.3AI score0.04031EPSS

CVE•added 2017/06/27 8:29 p.m.•54 views

CVE-2016-6342

elog 3.1.1 allows remote attackers to post data as any username in the logbook.

7.5CVSS7.3AI score0.00228EPSS

CVE•added 2019/12/17 10:15 p.m.•54 views

CVE-2019-3993

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.

7.5CVSS7.3AI score0.11612EPSS