Elog
Monthly
Configuration file manipulation in ELOG electronic logbook system allows authenticated attackers to trigger denial of service by modifying or overwriting the configuration file. If the rarely-used execute facility is enabled via '-x' command line flag, the vulnerability escalates to remote code execution on the underlying host. Vendor patches are available via Bitbucket commits 7092ff6 and f81e569. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. The 7.1 CVSS 4.0 score reflects high availability impact and low integrity impact under default configurations, with significantly higher risk in non-default deployments using the execute facility.
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
elog 3.1.1 allows remote attackers to post data as any username in the logbook. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Configuration file manipulation in ELOG electronic logbook system allows authenticated attackers to trigger denial of service by modifying or overwriting the configuration file. If the rarely-used execute facility is enabled via '-x' command line flag, the vulnerability escalates to remote code execution on the underlying host. Vendor patches are available via Bitbucket commits 7092ff6 and f81e569. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. The 7.1 CVSS 4.0 score reflects high availability impact and low integrity impact under default configurations, with significantly higher risk in non-default deployments using the execute facility.
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
elog 3.1.1 allows remote attackers to post data as any username in the logbook. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.