1178 matches found
CVE-2022-22244
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...
CVE-2022-22243
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
Design/Logic Flaw
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...
Input validation
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
CVE-2022-22244
CVE-2022-22244 affects Juniper Networks Junos OS in the J-Web component. An unauthenticated attacker can send a crafted POST to reach the XPath channel, potentially chaining to other vulnerabilities and causing a partial loss of confidentiality. Affected Junos OS versions range broadly from befor...
CVE-2022-22244 Junos OS: Unauthenticated XPath Injection vulnerability in J-Web
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...
CVE-2022-22243 Junos OS: XPath Injection vulnerability in J-Web
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
CVE-2022-22243
CVE-2022-22243 is an XPath Injection vulnerability in Juniper Networks Junos OS J-Web component. It enables an authenticated attacker to add an XPath command to the XPath stream, potentially chaining to other unspecified vulnerabilities and causing partial loss of confidentiality. Affected softwa...
Exploit for CVE-2022-41852
Remote Code Execution in JXPath Library CVE-2022-41852 Proof...
Remote Code Execution (RCE)
commons-jxpath is vulnerable to remote code execution. The vulnerability exists in the selectSingleNode function in JXPathContext.java, where an attacker can use an XPath expression to load any Java class from the classpath, which will lead to code execution...
Apache Commons JXPath Buffer Overflow Vulnerability (CNVD-2022-73688)
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
PT-2022-6648 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 19.1R3-S9; Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S7; Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S7, 19.4R3-S8...
PT-2022-6651 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.1R3-S9; Junos OS versions 19.2 prior to 19.2R3-S6; Junos OS versions 19.3 prior to 19.3R3-S7; Junos OS versions 19.4 prior to 19.4R3-S9; Junos OS versions 20.1 prior to 20.1R3-S5; Junos OS versions 20.2 prior to...
Apache Commons JXPath Buffer Overflow Vulnerability (CNVD-2022-73689)
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
This advisory has been withdrawn due to the CVE being rejected. Original advisory text: Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing an XPath string are vulnerable except compile and...
GHSA-MQXP-CJR9-C5JM JXPath Out-of-bounds Write vulnerability
Withdrawn: This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. Original Description: Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user...
Identifier withdrawn
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...