CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26917
https://notcve.org/view.php?id=CVE-2023-26917
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1987 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26916
https://notcve.org/view.php?id=CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1979 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-15014 – CESNET theme-cesnet resetpassword.php insufficiently protected credentials
https://notcve.org/view.php?id=CVE-2016-15014
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. • https://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6 https://github.com/CESNET/theme-cesnet/pull/1 https://github.com/CESNET/theme-cesnet/releases/tag/2.0.0 https://vuldb.com/?ctiid.217633 https://vuldb.com/?id.217633 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28906
https://notcve.org/view.php?id=CVE-2021-28906
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. En la función read_yin_leaf() en libyang versiones anteriores a v1.0.225 incluyéndola, no comprueba si el valor de retval-)ext [r] es NULL. En algunos casos, puede ser NULL, lo que conlleva a la operación de retval-)ext[r]-)flags que resulta en un bloqueo • https://github.com/CESNET/libyang/issues/1455 https://security.gentoo.org/glsa/202107-54 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28905
https://notcve.org/view.php?id=CVE-2021-28905
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). En la función lys_node_free() en libyang versiones anteriores a v1.0.225 incluyéndola, afirma que el valor de node-)module no puede ser NULL. Pero en algunos casos, node-) module puede ser nulo, lo que desencadena una aserción alcanzable (CWE-617) • https://github.com/CESNET/libyang/issues/1452 https://security.gentoo.org/glsa/202107-54 • CWE-617: Reachable Assertion •