Skip to main content

Elog

7 CVEs product

Monthly

CVE-2025-64348 HIGH PATCH This Week

Configuration file manipulation in ELOG electronic logbook system allows authenticated attackers to trigger denial of service by modifying or overwriting the configuration file. If the rarely-used execute facility is enabled via '-x' command line flag, the vulnerability escalates to remote code execution on the underlying host. Vendor patches are available via Bitbucket commits 7092ff6 and f81e569. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. The 7.1 CVSS 4.0 score reflects high availability impact and low integrity impact under default configurations, with significantly higher risk in non-default deployments using the execute facility.

Authentication Bypass Denial Of Service Elog
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2019-3996 MEDIUM POC This Month

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
6.5
EPSS
5.9%
CVE-2019-3995 HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
28.5%
CVE-2019-3994 HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-3993 HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
45.7%
CVE-2019-3992 HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-6342 HIGH This Week

elog 3.1.1 allows remote attackers to post data as any username in the logbook. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Elog
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Configuration file manipulation in ELOG electronic logbook system allows authenticated attackers to trigger denial of service by modifying or overwriting the configuration file. If the rarely-used execute facility is enabled via '-x' command line flag, the vulnerability escalates to remote code execution on the underlying host. Vendor patches are available via Bitbucket commits 7092ff6 and f81e569. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. The 7.1 CVSS 4.0 score reflects high availability impact and low integrity impact under default configurations, with significantly higher risk in non-default deployments using the execute facility.

Authentication Bypass Denial Of Service Elog
NVD
EPSS 6% CVSS 6.5
MEDIUM POC This Month

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
EPSS 29% CVSS 7.5
HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Elog +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption +2
NVD
EPSS 46% CVSS 7.5
HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
EPSS 0% CVSS 7.5
HIGH This Week

elog 3.1.1 allows remote attackers to post data as any username in the logbook. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Elog
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy