Juniper Networks Junos OS and Juniper Networks Junos OS Evolved security vulnerabilities
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, a US-based company. Juniper Networks Junos OS is a network operating system specifically designed for the company’s hardware devices. This operating system provides secure programming interfaces...
PT-2026-3108
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP...
PT-2026-3111
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX, SRX and EX Series versions prior to 22.4R3-S8; Juniper Networks Junos OS on MX, SRX and EX Series versions 23.2 before 23.2R2-S5; Juniper Networks Junos OS on MX, SRX and EX Series versions 23.4 before 23.4R2-S6...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001853)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001853 advisory. Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application th...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003053)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003053 advisory. The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service host OS infinite loop a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002474)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002474 advisory. The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, whic...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003244)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003244 advisory. arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002761)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002761 advisory. arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS,...
KernelCare : Live Kernel Patching
KernelCare is being used to maintain the remote host's operating system kernel without requiring reboots.
Mozilla Thunderbird < 147.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-04 advisory. - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002169)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002169 advisory. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003124)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003124 advisory. Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable...
SAP NetWeaver ICM Info Sensitive Information Disclosure
SAP NetWeaver Internet Communication Manager (ICM) includes an information page that can disclose sensitive information about the SAP platform, such as operating system version, SAP version, IP address, and other details. If this page is accessible without proper authentication, it can expose...
CVE-2025-37177
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within th...
CVE-2025-37172
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...
CVE-2025-37173
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected...
CVE-2025-37170
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...
CVE-2026-21267
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...
CVE-2025-14317
CVE-2025-14317 – Crazy Bubble Tea mobile app: An authenticated attacker can obtain personal information of other users by enumerating a loyaltyGuestId parameter. The server does not verify required permissions to access data. This has been fixed in Android version 915 and iOS version 7.4.1. Affe...
Juniper Junos OS Vulnerability (JSA106018)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA106018 advisory. - A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cau...