|
221711
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-20425
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221712
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20424
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221713
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_co…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-20423
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221714
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-20422
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221715
|
7.5 |
HIGH
Network
|
exiv2
canonical
debian
|
exiv2
ubuntu_linux
debian_linux
|
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to ca…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-20421
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221716
|
5.9 |
MEDIUM
Network
|
parity
|
libsecp256k1
|
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-20399
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221717
|
6.5 |
MEDIUM
Network
|
cesnet
|
libyang
|
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20398
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221718
|
8.8 |
HIGH
Network
|
cesnet
|
libyang
|
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vul…
|
CWE-415
Double Free
|
CVE-2019-20397
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221719
|
6.5 |
MEDIUM
Network
|
cesnet
|
libyang
|
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-20396
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221720
|
6.5 |
MEDIUM
Network
|
cesnet
|
libyang
|
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-20395
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
