Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon5.gif   Vulnerability?, posted by Alessandro Petrolini on Thu Mar 3 08:26:40 2022 
    icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Thu Mar 3 16:49:40 2022 
       icon2.gif   Re: Vulnerability?, posted by Alessandro Petrolini on Fri Mar 4 08:51:24 2022 
          icon2.gif   Re: Vulnerability?, posted by Alessandro Petrolini on Sun Mar 6 09:00:33 2022 
             icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Sun Mar 6 17:33:04 2022 
                icon2.gif   Re: Vulnerability?, posted by Stefan Ritt on Mon Mar 7 08:49:41 2022 
                   icon2.gif   Re: Vulnerability?, posted by Daniel Pfuhl on Mon Mar 7 14:30:16 2022 
                   icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Mon Mar 7 17:46:39 2022 
                      icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Wed Mar 9 17:55:31 2022 elog-3.1.4-1ebfd06c-win64.zip
                         icon2.gif   Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 15:47:59 2022 
                            icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Tue Apr 19 17:02:57 2022 
                               icon2.gif   Re: Vulnerability?, posted by Daniel Pfuhl on Tue Apr 19 20:13:04 2022 
                                  icon2.gif   Re: Vulnerability?, posted by Jan Just Keijser on Fri Apr 22 17:10:24 2022 
                   icon2.gif   Re: Vulnerability?, posted by Laurent Jean-Rigaud on Mon Mar 7 22:07:54 2022 elog-3.1.4-395e101.zip
                   icon2.gif   Re: Vulnerability?, posted by Florian Heigl on Mon Apr 18 19:16:36 2022 
                      icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 19 21:15:19 2022 
                         icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Fri Apr 22 21:15:37 2022 
                            icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 17:39:49 2022 
                               icon2.gif   history of long-removed freebsd package, Re: Vulnerability?, posted by Konstantin Olchanski on Tue Apr 26 18:03:03 2022 
                               icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Wed Apr 27 19:36:25 2022 
                      icon12.gif   Re: Vulnerability?, posted by Andreas Luedeke on Fri Apr 22 12:55:21 2022 
       icon2.gif   Re: Vulnerability?, posted by Konstantin Olchanski on Sat Apr 23 18:05:57 2022 
Message ID: 69483     Entry time: Thu Mar 3 08:26:40 2022     Reply to this: 69484
Icon: Question  Author: Alessandro Petrolini  Author Email: alessandro.petrolini@cern.ch 
Category: Question  OS: Windows  ELOG Version: 3.1.4-a04faf9f 
Subject: Vulnerability? 

Hi, I have been using elog for years at CERN.

Now I installed in my local workstation at my home inistitue

and sysadmin reported the following vulnerabilities:

  - Configuration File Disclosure (CVE-2019-3992)

  - Password Hash Disclosure (CVE-2019-3993)

  - Use After Free (CVE-2019-3994)

  - NULL Pointer Dereference (CVE-2019-3995)

  - Unintended Proxy (CVE-2019-3996)

Am I doing soimething wrong?

sysadmin will not allow me to use it until it is fixed....

Any help is welcome.

 

ELOG V3.1.4-bcd7b50