Filtered by vendor Elog Project Subscriptions
Filtered by product Elog Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-3996 2 Elog Project, Fedoraproject 2 Elog, Fedora 2024-11-21 6.5 Medium
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
CVE-2019-3995 2 Elog Project, Fedoraproject 2 Elog, Fedora 2024-11-21 7.5 High
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.
CVE-2019-3994 2 Elog Project, Fedoraproject 2 Elog, Fedora 2024-11-21 7.5 High
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.
CVE-2019-3993 2 Elog Project, Fedoraproject 2 Elog, Fedora 2024-11-21 7.5 High
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.
CVE-2019-3992 2 Elog Project, Fedoraproject 2 Elog, Fedora 2024-11-21 7.5 High
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords.
CVE-2016-6342 2 Elog Project, Fedoraproject 2 Elog, Fedora 2024-11-21 7.5 High
elog 3.1.1 allows remote attackers to post data as any username in the logbook.