Cesnet


Products by Cesnet Sorted by Most Security Vulnerabilities since 2018

Cesnet Libyang: 17 vulnerabilities

Cesnet Perun: 1 vulnerability

Cesnet Proxystatistics: 1 vulnerability

Theme Cesnet: 1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Cesnet. Last year Cesnet had 3 security vulnerabilities published. Right now, Cesnet is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 3 6.10
2022 0 0.00
2021 5 7.50
2020 9 7.38
2019 3 9.80
2018 0 0.00

It may take a day or so for new Cesnet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cesnet Security Vulnerabilities

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference

CVE-2023-26917 7.5 - High - April 11, 2023

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.

NULL Pointer Dereference

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference

CVE-2023-26916 5.3 - Medium - April 03, 2023

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

NULL Pointer Dereference

A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic

CVE-2016-15014 5.5 - Medium - January 07, 2023

A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.

Insufficiently Protected Credentials

In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL

CVE-2021-28902 7.5 - High - May 20, 2021

In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

Unchecked Return Value

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem()

CVE-2021-28903 7.5 - High - May 20, 2021

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.

Stack Exhaustion

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL

CVE-2021-28904 7.5 - High - May 20, 2021

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.

Unchecked Return Value

In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL

CVE-2021-28905 7.5 - High - May 20, 2021

In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).

Assertion Failure

In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL

CVE-2021-28906 7.5 - High - May 20, 2021

In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

Unchecked Return Value

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP

CVE-2020-5281 7.5 - High - March 25, 2020

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

Incorrect Permission Assignment for Critical Resource

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated

CVE-2019-20397 8.8 - High - January 22, 2020

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

Double-free

A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup()

CVE-2019-20398 6.5 - Medium - January 22, 2020

A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.

NULL Pointer Dereference

A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.

CVE-2019-20396 6.5 - Medium - January 22, 2020

A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.

Buffer Overflow

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs

CVE-2019-20395 6.5 - Medium - January 22, 2020

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

Stack Exhaustion

A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement

CVE-2019-20394 8.8 - High - January 22, 2020

A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

Double-free

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used

CVE-2019-20393 8.8 - High - January 22, 2020

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

Double-free

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node

CVE-2019-20392 6.5 - Medium - January 22, 2020

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.

Buffer Overflow

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit

CVE-2019-20391 6.5 - Medium - January 22, 2020

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.

Buffer Overflow

In all versions of libyang before 1.0-r5

CVE-2019-19334 9.8 - Critical - December 06, 2019

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Memory Corruption

In all versions of libyang before 1.0-r5

CVE-2019-19333 9.8 - Critical - December 06, 2019

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Memory Corruption

The proxystatistics module before 3.1.0 for SimpleSAMLphp

CVE-2019-15537 9.8 - Critical - August 23, 2019

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.

SQL Injection

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).