118 matches found

OSV
added 2024/04/12 3:15 p.m. | 2 views

CVE-2024-30395

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel...

CVSS 8.7 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 2

CVE
added 2024/04/12 3:07 p.m. | 93 views

CVE-2024-30395

CVE-2024-30395 describes an improper validation of a BGP tunnel encapsulation attribute in Junos OS and Junos OS Evolved RPD, leading to an unauthenticated, network-based DoS. A BGP update containing a specifically malformed TLV can cause Routing Protocol Daemon (rpd) to crash and restart. Affect...

CVSS 8.7 | AI score 6.8 | EPSS 0.00136
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2024/04/12 3:03 p.m. | 12 views

CVE-2024-30409 Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS).

An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of...

CVSS 6.9 | AI score 5.4 | EPSS 0.00088
Exploits: 0 | References: 2

Cvelist
added 2024/04/12 2:54 p.m. | 16 views

CVE-2024-21598 Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP sessio...

CVSS 8.7 | AI score 7.7 | EPSS 0.00146
Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/11 12:00 a.m. | 14 views

Juniper Junos OS Vulnerability (JSA79099)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79099 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based...

CVSS 6.9 | AI score 5.7 | EPSS 0.00088
Exploits: 0 | References: 2

Positive Technologies
added 2024/04/10 12:00 a.m. | 2 views

PT-2024-3313

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S6; Junos OS versions 21.3 prior to 21.3R3-S5; Junos OS versions 21.4 prior to 21.4R3-S5; Junos OS versions 22.1 prior to 22.1R3-S3; Junos OS versions 22.2 prior to 22.2R3-S1; Junos OS versions 22.3 prior to...

CVSS 8.7 | AI score 5.4 | EPSS 0.00188
Exploits: 0 | References: 6

NVD
added 2024/02/22 11:15 a.m. | 9 views

CVE-2024-0220

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...

CVSS 8.3 | AI score 8.6 | EPSS 0.00205
Exploits: 0 | References: 1

Prion
added 2024/02/22 11:15 a.m. | 10 views

Code injection

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryptio...

CVSS 5.1 | AI score 8.4 | EPSS 0.00205
Exploits: 0 | References: 1

Prion
added 2024/01/12 1:15 a.m. | 23 views

Input validation

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN...

CVSS 5 | AI score 7.1 | EPSS 0.00112
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2024/01/12 1:15 a.m. | 18 views

Code injection

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will le...

CVSS 5 | AI score 7 | EPSS 0.00285
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2024/01/12 1:15 a.m. | 18 views

Design/Logic Flaw

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are...

CVSS 5 | AI score 7.2 | EPSS 0.00035
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/01/12 12:55 a.m. | 25 views

CVE-2024-21611 Junos OS and Junos OS Evolved: In a jflow scenario continuous route churn will cause a memory leak and eventually an rpd crash

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that...

CVSS 7.5 | AI score 7.7 | EPSS 0.00242
Exploits: 0 | References: 2

Cvelist
added 2024/01/12 12:52 a.m. | 16 views

CVE-2024-21595 Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN...

CVSS 7.5 | AI score 7.6 | EPSS 0.00112
Exploits: 0 | References: 2

Vulnrichment
added 2024/01/12 12:52 a.m. | 13 views

CVE-2024-21595 Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN...

CVSS 7.5 | AI score 7.1 | EPSS 0.00112
Exploits: 0 | References: 2

Debian CVE
added 2023/10/17 9:02 p.m. | 31 views

CVE-2023-22059

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 6.5 | AI score 6.2 | EPSS 0.00252
Exploits: 0

NVD
added 2023/10/13 12:15 a.m. | 12 views

CVE-2023-44184

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

CVSS 6.5 | AI score 6.5 | EPSS 0.00134
Exploits: 0 | References: 1

Prion
added 2023/10/13 12:15 a.m. | 23 views

Cross site scripting

An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while...

CVSS 5 | AI score 7.4 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 2

ATTACKERKB
added 2023/08/17 12:00 a.m. | 76 views

CVE-2023-36844

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables...

CVSS 9.8 | AI score 7.3 | EPSS 0.94355
In wild | Exploits: 28 | References: 6

OSV
added 2023/07/18 9:15 p.m. | 5 views

UBUNTU-CVE-2023-22043

Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability...

CVSS 5.9 | AI score 6.5 | EPSS 0.00266
Exploits: 0 | References: 3

Prion
added 2023/07/11 3:15 a.m. | 17 views

Authentication flaw

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, perfor...

CVSS 6.5 | AI score 7.6 | EPSS 0.00136
Exploits: 0 | References: 2 | Affected Software: 1