ELOG Project ELOG 2.3.7

CPE Details

2019-12-20 14h47 +00:00

CPE Name: cpe:2.3:a:elog_project:elog:2.3.7:*:*:*:*:*:*:*

Information

Vendor: elog_project

Product: elog

Version: 2.3.7

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2019-3996 | 2019-12-17 20h59 +00:00 | ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | 6.5 | Medium |
| CVE-2019-3995 | 2019-12-17 20h59 +00:00 | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request. | 7.5 | High |
| CVE-2019-3994 | 2019-12-17 20h59 +00:00 | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable. | 7.5 | High |
| CVE-2019-3993 | 2019-12-17 20h59 +00:00 | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request. | 7.5 | High |
| CVE-2019-3992 | 2019-12-17 20h55 +00:00 | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords. | 7.5 | High |