CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15523
https://notcve.org/view.php?id=CVE-2019-15523
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. Se detectó un problema en LINBIT csync 2 versiones hasta 2.0. No comprueba correctamente el valor de retorno GNUTLS_E_WARNING_ALERT_RECEIVED de la función gnutls_handshake(). • https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2 https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html • CWE-252: Unchecked Return Value •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15522
https://notcve.org/view.php?id=CVE-2019-15522
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. Se detectó un problema en LINBIT csync2 versiones hasta 2.0. La función csync_daemon_session en el archivo daemon.c olvida forzar un fallo de un comando hello cuando la configuración requiere un uso de SSL. • https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22 •