
548 matches found

CVE
added 2024/04/12 3:7 p.m. · 93 views

CVE-2024-30395

CVE-2024-30395 describes an improper validation of a BGP tunnel encapsulation attribute in Junos OS and Junos OS Evolved RPD, leading to an unauthenticated, network-based DoS. A BGP update containing a specifically malformed TLV can cause Routing Protocol Daemon (rpd) to crash and restart. Affect...

CVSS 8.7 · AI score 6.8 · EPSS 0.00136
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2024/04/12 3:7 p.m. · 18 views

CVE-2024-30395 Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon RPD of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service DoS. If a BGP update is received over an established BGP session which contains a tunnel...

CVSS 8.7 · AI score 6.9 · EPSS 0.00136
Exploits 0 · References 2
Cvelist
added 2024/04/12 3:3 p.m. · 13 views

CVE-2024-30409 Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS).

An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon fibtd to crash, leading to a limited Denial of...

CVSS 6.9 · AI score 5.4 · EPSS 0.00088
Exploits 0 · References 2
CVE
added 2024/04/12 2:55 p.m. · 110 views

CVE-2024-21610

Summary (CVE-2024-21610) : A vulnerability in Juniper Networks Junos OS cosd (Class of Service daemon) on MX Series allows an authenticated, low-privileged attacker to cause a limited DoS by handling specific low-privileged commands (via NETCONF, SSH, or Telnet) on behalf of mgd; mgd processes ca...

CVSS 5.3 · AI score 4.5 · EPSS 0.00065
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/04/12 2:54 p.m. · 17 views

CVE-2024-21598 Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service DoS. If a BGP update is received over an established BGP sessio...

CVSS 8.7 · AI score 7.7 · EPSS 0.00146
Exploits 0 · References 2
Tenable Nessus
added 2024/04/11 12:0 a.m. · 17 views

Juniper Junos OS Vulnerability (JSA75739)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75739 advisory. - An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a...

CVSS 8.7 · AI score 5.7 · EPSS 0.00146
Exploits 0 · References 2
Tenable Nessus
added 2024/04/11 12:0 a.m. · 17 views

Juniper Junos OS Vulnerability (JSA79174)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79174 advisory. - An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based,...

CVSS 8.7 · AI score 5.6 · EPSS 0.00645
Exploits 0 · References 3
Tenable Nessus
added 2024/04/11 12:0 a.m. · 14 views

Juniper Junos OS Vulnerability (JSA79099)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79099 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based...

CVSS 6.9 · AI score 5.7 · EPSS 0.00088
Exploits 0 · References 2
Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-2853 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX Series versions prior to 20.4R3-S9 Juniper Networks Junos OS on MX Series version 21.2 versions prior to 21.2R3-S7 Juniper Networks Junos OS on MX Series version 21.3 versions prior to 21.3R3-S5 Juniper Network...

CVSS 5.3 · AI score 6.6 · EPSS 0.00065
Exploits 0 · References 6
Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-3313

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S6 Junos OS versions 21.3 prior to 21.3R3-S5 Junos OS versions 21.4 prior to 21.4R3-S5 Junos OS versions 22.1 prior to 22.1R3-S3 Junos OS versions 22.2 prior to 22.2R3-S1 Junos OS versions 22.3 prior to...

CVSS 8.7 · AI score 5.4 · EPSS 0.00188
Exploits 0 · References 6
Tenable Nessus
added 2024/02/29 12:0 a.m. · 15 views

CentOS 9 : tang-11-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the tang-11-1.el9 build changelog. - A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. CVE-2021-4076 Note that Nessus has not...

CVSS 7.5 · AI score 7.3 · EPSS 0.00477
Exploits 0 · References 2
NVD
added 2024/02/22 11:15 a.m. · 9 views

CVE-2024-0220

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...

CVSS 8.3 · AI score 8.6 · EPSS 0.00205
Exploits 0 · References 1
Prion
added 2024/02/22 11:15 a.m. · 10 views

Code injection

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryptio...

CVSS 5.1 · AI score 8.4 · EPSS 0.00205
Exploits 0 · References 1
Cvelist
added 2024/02/22 10:15 a.m. · 18 views

CVE-2024-0220 B&R products use insufficient communication encryption

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...

CVSS 8.3 · AI score 8.7 · EPSS 0.00205
Exploits 0 · References 1
GithubExploit
added 2024/02/18 3:37 p.m. · 193 views

Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36845 A PHP External Variable Modification vulnerab...

CVSS 9.8 · AI score 9.8 · EPSS 0.94355
Exploits 25
Prion
added 2024/02/17 2:15 a.m. · 22 views

Design/Logic Flaw

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...

CVSS 6.5 · AI score 7.2 · EPSS 0.67907
Exploits 0 · References 1
NVD
added 2024/02/05 4:15 p.m. · 12 views

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...

CVSS 9.8 · AI score 9.6 · EPSS 0.00119
Exploits 0 · References 1
Prion
added 2024/02/05 4:15 p.m. · 15 views

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime SDM modules. The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws...

CVSS 7.5 · AI score 7.5 · EPSS 0.00119
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/02/05 4:5 p.m. · 16 views

CVE-2024-0323 FTP uses unsecure encryption mechanisms

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...

CVSS 9.8 · AI score 9.7 · EPSS 0.00119
Exploits 0 · References 1
NVD
added 2024/01/16 10:15 p.m. · 18 views

CVE-2024-20961

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 · AI score 6.4 · EPSS 0.0047
Exploits 0 · References 2