CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-20392
https://notcve.org/view.php?id=CVE-2019-20392
22 Jan 2020 — An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. Un fallo de acceso a memoria no válida está presente en libyang versiones anteriores a v1.0-r1, en la función resolve_feature_value() cuando es usada una sentencia if-feature dentro de un nodo de clave de lista, y la característic... • https://bugzilla.redhat.com/show_bug.cgi?id=1793922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2019-20393
https://notcve.org/view.php?id=CVE-2019-20393
22 Jan 2020 — A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. Una doble liberación está presente en libyang versiones anteriores a v1.0-r1, en la función yyparse() cuando es usada una descripción vacía. Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden ser vulner... • https://bugzilla.redhat.com/show_bug.cgi?id=1793930 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2019-20394
https://notcve.org/view.php?id=CVE-2019-20394
22 Jan 2020 — A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. Una doble liberación está presente en libyang versiones anteriores a v1.0-r3, en la función yyparse() cuando se usa una sentencia type dentro de una sentencia notification. Las aplicaciones que usan libyang para analizar ... • https://bugzilla.redhat.com/show_bug.cgi?id=1793932 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-20395
https://notcve.org/view.php?id=CVE-2019-20395
22 Jan 2020 — A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. Un problema de consumo de pila está presente en libyang versiones anteriores a v1.0-r1, debido al tipo de unión autorreferencial que contiene leafrefs. Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden bloquearse. • https://bugzilla.redhat.com/show_bug.cgi?id=1793924 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-20396
https://notcve.org/view.php?id=CVE-2019-20396
22 Jan 2020 — A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. Un error de segmentación está presente en yyparse en libyang versiones anteriores a v1.0-r1, debido a un valor de sentencia pattern malformado durante el análisis de lys_parse_path. • https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-20397
https://notcve.org/view.php?id=CVE-2019-20397
22 Jan 2020 — A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. Una doble liberación está presente en libyang versiones anteriores a v1.0-r1, en la función yyparse() cuando un campo organization no es terminado. Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables... • https://bugzilla.redhat.com/show_bug.cgi?id=1793928 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-20398
https://notcve.org/view.php?id=CVE-2019-20398
22 Jan 2020 — A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. Una desreferencia del puntero NULL está presente en libyang versiones anteriores a v1.0-r3, en la función lys_extension_instances_free() debido a una copia de extensiones no resuelta en la función lys_restr_dup(). Las aplicaciones que usan libyang para analizar arc... • https://bugzilla.redhat.com/show_bug.cgi?id=1793935 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2019-19334 – libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used
https://notcve.org/view.php?id=CVE-2019-19334
06 Dec 2019 — In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. En todas las versiones de libyang anteriores a 1.0-r5, se detectó un desbordamiento del búfer en la región heap de la memoria en la manera en que libyang analiza los ... • https://access.redhat.com/errata/RHSA-2019:4360 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-19333 – libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
https://notcve.org/view.php?id=CVE-2019-19333
06 Dec 2019 — In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. En todas las versiones de libyang anteriores a 1.0-r5, se detectó un desbordamiento del búfer en la región heap de la memoria en la manera en que libyang analiza los archivo... • https://access.redhat.com/errata/RHSA-2019:4360 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15537
https://notcve.org/view.php?id=CVE-2019-15537
23 Aug 2019 — The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. El módulo proxystatistics anterior a la versión 3.1.0 para SimpleSAMLphp permite la inyección de SQL en lib / Auth / Process / DatabaseCommand.php. • https://github.com/CESNET/proxystatistics-simplesamlphp-module/pull/18 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •