|
223531
|
7.5 |
HIGH
Network
|
lustre
|
lustre
|
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_co…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-20423
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223532
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-20422
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223533
|
7.5 |
HIGH
Network
|
exiv2
canonical
debian
|
exiv2
ubuntu_linux
debian_linux
|
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to ca…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-20421
|
2024-11-21 13:38 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223534
|
5.9 |
MEDIUM
Network
|
parity
|
libsecp256k1
|
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-20399
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223535
|
6.5 |
MEDIUM
Network
|
cesnet
|
libyang
|
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20398
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223536
|
8.8 |
HIGH
Network
|
cesnet
|
libyang
|
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vul…
|
CWE-415
Double Free
|
CVE-2019-20397
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223537
|
6.5 |
MEDIUM
Network
|
cesnet
|
libyang
|
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-20396
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223538
|
6.5 |
MEDIUM
Network
|
cesnet
|
libyang
|
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-20395
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223539
|
8.8 |
HIGH
Network
|
cesnet
|
libyang
|
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang fil…
|
CWE-415
Double Free
|
CVE-2019-20394
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223540
|
8.8 |
HIGH
Network
|
cesnet
|
libyang
|
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to …
|
CWE-415
Double Free
|
CVE-2019-20393
|
2024-11-21 13:38 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
