
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Apr 2023 — libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1987 • CWE-476: NULL Pointer Dereference •

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

03 Apr 2023 — libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1979 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jan 2023 — A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. • https://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2021 — In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. Multiple vulnerabilities ha... • https://github.com/CESNET/libyang/issues/1455 • CWE-252: Unchecked Return Value •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2021 — In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). Multiple vulnerabilities have been found in libyang, the ... • https://github.com/CESNET/libyang/issues/1452 • CWE-617: Reachable Assertion •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2021 — In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. Multiple vulnerabilities have been found in libyang, t... • https://github.com/CESNET/libyang/issues/1451 • CWE-252: Unchecked Return Value •

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

20 May 2021 — A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. Mult... • https://github.com/CESNET/libyang/issues/1453 • CWE-674: Uncontrolled Recursion •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2021 — In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. Multiple vulnera... • https://github.com/CESNET/libyang/issues/1454 • CWE-252: Unchecked Return Value •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2020 — In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input. • https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5 • EPSS: 0% • CPEs: 13 • EXPL: 1

22 Jan 2020 — An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. • https://bugzilla.redhat.com/show_bug.cgi?id=1793934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •