CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

CVE-2024-24189

Jsish v3.5.0 commit 42c694c was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c...

PT-2023-11643 · Jsish · Jsish

Name of the Vulnerable Software and Affected Versions: Jsish version 3.0.11 Description: An issue in Jsish allows a remote attacker to cause a denial of service via the Jsi ValueIsNumber function in the ./src/jsiValue.c file. Recommendations: For Jsish version 3.0.11, as a temporary workaround,...

CVE-2021-46499

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsiValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46496

Jsish v3.5.0 was discovered to contain a heap-use-after-free via JsiObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46489

Jsish v3.5.0 was discovered to contain a heap-use-after-free via JsiDecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service DoS...

PT-2022-12752 · Jsish · Jsish

Name of the Vulnerable Software and Affected Versions: Jsish version 3.5.0 Description: A stack overflow issue was discovered in Jsish via the Jsi LogMsg function at src/jsiUtils.c. Recommendations: For Jsish version 3.5.0, consider disabling the Jsi LogMsg function as a temporary workaround unti...

CVE-2020-22875

Jsish CVE-2020-22875 is a vulnerability in the Jsi_ObjSetLength function where an integer overflow in that function allows remote code execution. Affected is jsish versions before 3.0.6 (NVD) and variants cited as vulnerable before 3.0.8 (CNVD). The root cause is improper boundary checks in Jsi_O...

Jsish 输入验证错误漏洞

Jsish is a small JavaScript parser written in C with a built-in database.Jsish has a buffer overflow vulnerability in versions prior to 3.0.8, which stems from the failure of the product's JsiObjArraySizer function to restrict integer data boundaries, allowing an attacker to execute arbitrary cod...

Jsish 输入验证错误漏洞

Jsish is a small JavaScript parser written in C with a built-in database.Jsish has a buffer overflow vulnerability in versions prior to 3.0.8, which stems from the failure of the product's JsiObjSetLength function to restrict integer data boundaries, allowing an attacker to execute arbitrary code...

CVE-2019-1010162

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

CVE-2018-1000661

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg jsiUtils.c:196 that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been...

CVE-2018-1000663

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...