CVE-2014-0429
CVE-2014-0429 is an unspecified vulnerability in the Java 2D component affecting Oracle Java SE 5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51. Impact is described as complete confidentiality, integrity, and availability violations via unknown vectors in the 2D comp...
CVE-2014-0460
CVE-2014-0460 is an IBM-related vulnerability described as flaws in the JNDI DNS service provider that can enable spoofing DNS responses, impacting confidentiality and integrity (partial). Exploitation status is not indicated in the IBM bulletins. Affected IBM product: IBM System Networking Switc...
CVE-2014-0453
CVE-2014-0453 is an IBM/Oracle Java vulnerability affecting IBM Runtime Environment Java Technology Edition (and IBM Java SDK/JRE bundles used in IBM products such as QRadar, Rational, and WebSphere-related tools). The vulnerability is described as an unspecified issue in the Security component w...
CVE-2014-0457
CVE-2014-0457 is an unspecified vulnerability in Oracle Java SE components (5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; Java SE Embedded 7u51) and related to the Libraries component, enabling remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The ...
CVE-2014-6491
CVE-2014-6491 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via SERVER:SSL:yaSSL, with partial confidentiality/integrity/availability impact. The IBM bulletin confirms linked CVEs and notes Guardium is vulnerable; the Debian advisory recommends upgrading to MySQL 5.5.40, ...
CVE-2014-6500
CVE-2014-6500 is an Oracle MySQL Server vulnerability affecting 5.5.39 and earlier and 5.6.20 and earlier, exploitable remotely via the SERVER:SSL:yaSSL vector with partial confidentiality, integrity, and availability impact. Multiple connected sources confirm this issue alongside CVE-2014-6491 a...
CVE-2014-0456
CVE-2014-0456 is an unspecified remote vulnerability in Oracle Java SE (versions 6u71, 7u51, 8, and Java SE Embedded 7u51) and related Hotspot components. The issue enables confidentiality, integrity, and availability impact via unknown vectors and is documented across multiple advisories (e.g., ...
CVE-2015-3209
CVE-2015-3209: Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...
CVE-2015-2620
MiracleLinux 4 (AXSA:2015-464:01) lists CVE-2015-2620 among fixes for mysql55-mysql-5.5.45-1.0.1.AXS4. The advisory notes that updated packages upgrade MySQL to version 5. The description indicates an unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier affec...
CVE-2015-0501
CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...
CVE-2014-2421
CVE-2014-2421 is an unspecified vulnerability in the 2D component of Oracle Java SE (and related IBM SDK for Java builds) with a base impact of complete confidentiality, integrity, and availability. Connected IBM advisories confirm this CVE appears in multiple IBM products that bundle IBM SDK for...
CVE-2014-6559
CVE-2014-6559 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. The vulnerability is described as unspecified with respect to C API SSL CERTIFICATE HANDLING and could allow remote attackers to obtain confidential information (partial confidentiality impact). No exploit detai...
CVE-2014-6494
CVE-2014-6494 is an unspecified vulnerability in Oracle MySQL Server (affected: 5.5.39 and earlier; 5.6.20 and earlier) that can allow remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL. The IBM advisory lists the CVE among several issues affecting MySQL Server compon...
CVE-2014-6496
CVE-2014-6496 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via CLIENT:SSL:yaSSL, causing availability issues (remote, unauthenticated). Affects MySQL Server component CLIENT:SSL:yaSSL; root cause is unspecified in the provided text. Public details across connected source...
CVE-2014-6478
CVE-2014-6478 affects Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier. The vulnerability is described as unspecified, enabling remote attackers to compromise integrity via vectors related to SERVER:SSL:yaSSL. The connected sources confirm the same CVE ID in multiple advisories and...
CVE-2014-6495
CVE-2014-6495 is described in the initial document as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, enabling remote attackers to affect availability via SERVER:SSL:yaSSL. Connected documents reference this CVE within broader MariaDB/MySQL vulnerabi...
CVE-2020-1611
CVE-2020-1611 concerns Juniper Networks Junos Space Local File Inclusion via malicious HTTP packets, enabling an attacker to view arbitrary files on affected devices. The issue affects Junos Space versions prior to 19.4R1 and stems from a path traversal vulnerability in the device’s file access l...
CVE-2021-0220
CVE-2021-0220 (Juniper Junos Space) affects Junos Space versions prior to 20.3R1. The issue is that shared secrets are stored in a recoverable format and can be exposed through the UI. An attacker who can run arbitrary code in the victim’s browser (e.g., via XSS) or access cached contents may obt...
CVE-2017-10612
CVE-2017-10612 is a persistent cross-site scripting vulnerability in Juniper Networks Junos Space. The issue allows an attacker who can modify certain configuration data to inject malicious JavaScript/HTML, potentially stealing information or acting as other Junos Space users or administrators. A...
CVE-2019-0017
The CVE-2019-0017 issue affects Juniper Networks Junos Space: the application allows uploading Device Image files but lacks proper validation, enabling potential uploading of malicious images or scripts. Affected releases are Junos Space before 18.3R1. The description notes an insufficient validi...
CVE-2019-0016
Junos Space is affected: Juniper Networks Junos Space versions prior to 18.3R1 allow a malicious authenticated user to delete a device from the database via crafted Ajax interactions that piggyback on another admin delete action. Root cause is a privilege/permission check bypass in the delete flo...
CVE-2016-1265
Juniper Networks Junos Space is affected by CVE-2016-1265. All versions prior to 15.1R3 are vulnerable to remote, unauthenticated exploitation that may allow arbitrary code execution or access to devices managed by Junos Space via vectors including CSRF, default credentials, information disclosur...
CVE-2017-10622
Juniper Networks Junos Space Network Management Platform is affected by an authentication bypass vulnerability (CVE-2017-10622). A remote unauthenticated attacker could login as any privileged user. Affected are Junos Space versions 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. The i...
CVE-2018-0011
CVE-2018-0011 is a reflected XSS vulnerability in Junos Space management interface. The issue allows a remote authenticated user to inject web script or HTML, potentially steal session data/credentials and perform administrative actions on the Junos Space device. Connected sources (e.g., NVD entr...
CVE-2017-10623
CVE-2017-10623 affects Juniper Networks Junos Space: lack of authentication and authorization for cluster messages can enable a man-in-the-middle attacker to intercept, inject, or disrupt cluster operations between two nodes. Affected are Junos Space releases prior to 17.1R1. The provided documen...
CVE-2018-0013
CVE-2018-0013 affects Juniper Networks Junos Space Network Management Platform. The vulnerability is a local file inclusion that may allow an authenticated user to retrieve files from the system. Public data lists CVSS v3.0 base score 6.5 (MEDIUM) with network attack vector, low complexity, and p...
CVE-2018-0046
CVE-2018-0046 is a reflected cross-site scripting vulnerability in OpenNMS included with Juniper Junos Space, affecting Junos Space versions prior to 18.2R1. Connected sources (e.g., the JUNIPER_SPACE_JSA10880 NASL plug-in) explicitly list CVE-2018-0046 among multiple issues, confirming the vulne...
CVE-2017-2307
CVE-2017-2307 affects Juniper Networks Junos Space (admin interface) prior to 16.1R1 and is a reflected cross-site scripting vulnerability. The issue can allow remote attackers to steal sensitive information or perform certain administrative actions, with exploitation requiring user interaction. ...
CVE-2013-5095
CVE-2013-5095 is a documented XSS vulnerability in the web-based interface of Juniper Junos Space prior to 13.1R1.6 (e.g., JA1500 and related deployments). The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available sources confirm the affected ...
CVE-2013-5097
Juniper Junos Space before 13.1R1.6 (JA1500 and other contexts) exposes the list of user accounts and their MD5 password hashes due to improper access restriction, enabling remote authenticated users to obtain sensitive information via a dictionary attack. Affected are Junos Space deployments pri...
CVE-2017-10624
CVE-2017-10624 affects Juniper Networks Junos Space prior to version 17.1R1, stemming from insufficient verification of node certificates. This can enable a network-attacker to perform a man-in-the-middle attack, potentially modifying the Space database or adding nodes. Connected documents corrob...
CVE-2018-0012
CVE-2018-0012 affects Junos Space and describes a privilege-escalation vulnerability that could allow a local authenticated attacker to obtain root privileges. The connected documents confirm Junos Space as the affected product and identify the impact (local escalation to root) and the attack con...
CVE-2013-3497
CVE-2013-3497 affects Juniper Junos Space prior to 12.3P2.8 (JA1500 and related deployments). The vulnerability exposes cleartext passwords in a configuration tab, enabling reading by physically proximate attackers who view the workstation screen. Exploitation details are not provided in the docu...
CVE-2014-3413
The CVE-2014-3413 vulnerability affects Juniper Networks Junos Space prior to 13.3R1.8, where the MySQL server contains an unspecified hardcoded account password. This allows remote attackers with database access to obtain sensitive information and potentially gain administrative control. Affecte...
CVE-2017-2306
CVE-2017-2306 affects Juniper Networks Junos Space: versions prior to 16.1R1 suffer from an insufficient authorization check in the administrative web interface, allowing readonly users to execute code on the device. This is described in the NVD entry for CVE-2017-2306, which notes remote code ex...
CVE-2018-0047
CVE-2018-0047 describes a persistent cross-site scripting (XSS) vulnerability in the UI framework used by Juniper Networks Junos Space Security Director. A remote attacker with authentication can inject persistent scripts that may exfiltrate information or perform actions as another user when oth...
CVE-2013-5096
CVE-2013-5096 concerns Juniper Junos Space before 13.1R1.6. The issue is a flawed role-based access control implementation that allows remote authenticated users to modify device configurations by abusing the read-only privilege (PR 863804). The affected product is Junos Space (JA1500 appliance a...
CVE-2017-2305
CVE-2017-2305 concerns Juniper Networks Junos Space prior to 16.1R1, where an insufficient authorization check in the administrative web interface lets readonly users create privileged accounts, enabling privilege escalation. The vulnerability path and impact are described in the NVD entry as a u...
CVE-2017-2311
CVE-2017-2311 affects Juniper Networks Junos Space before version 16.1R1. An unauthenticated remote attacker with network access can trigger a denial-of-service condition on the Junos Space device. The vulnerability is tied to the Junos Space software lineage as described in multiple sources; mit...
CVE-2018-0010
CVE-2018-0010 affects Junos Space Security Director. The vulnerability allows a user without SSH access to a device to reuse a URL created for another user to gain SSH access. Affected releases are all versions prior to 17.2R1. The provided documents do not detail the underlying root cause beyond...
CVE-2024-39563
CVE-2024-39563 affects Juniper Networks Junos Space, specifically version 24.1R1. A vulnerable script in the Junos Space web application accepts attacker-controlled input from a GET request without proper sanitization, enabling an unauthenticated, network-based attacker to execute arbitrary shell...
CVE-2017-2308
The CVE-2017-2308 entry affects Juniper Networks Junos Space, with an XML External Entity (XXE) vulnerability in the web management interface. Affected: Junos Space versions prior to 16.1R1. The underlying issue allows an authenticated user to read arbitrary files on the device. Impact: Partial c...
CVE-2017-2310
CVE-2017-2310 affects Juniper Networks Junos Space; a firewall bypass vulnerability exists in the host-based firewall for versions prior to 16.1R1 that may permit certain crafted packets, posing a network integrity risk. Exploitation status is not detailed in the provided documents. According to ...
CVE-2017-2309
Affected product: Juniper Networks Junos Space (versions prior to 16.1R1). Vulnerability: Information disclosure due to certificate-based authentication enabling access to restricted web services over the network. Impact: Confidentiality impact is high; information leak risk reported. Status/reme...
CVE-2016-4926
CVE-2016-4926 affects Juniper Networks’ Junos Space prior to version 15.2R2. It is an authentication bypass in the web interface, enabling remote network-based attackers with access to Junos Space to perform administrative actions without authentication. Public details in the provided documents ...
CVE-2016-4927
CVE-2016-4927 affects Junos Space (pre-15.2R2). The root cause is insufficient validation of SSH keys during Space-to-managed-device communications, enabling MITM-style attacks. Impact is partial confidentiality/integrity/availability according to CVSS, with network access and no authentication r...
CVE-2014-3412
Juniper Junos Space up to version 13.3R1.8 is affected when the firewall is disabled. A remote attacker could execute arbitrary commands, potentially with root privileges, on affected installations. The Nessus entry confirms the condition (firewall disabled) and the affected range (before 13.3R1....
CVE-2016-4928
The provided connected documents confirm CVE-2016-4928 as a Cross-Site Request Forgery vulnerability in Junos Space prior to version 15.2R2. The root cause is CSRF that allows remote attackers to perform certain administrative actions on Junos Space. Affected software is Junos Space (version
CVE-2016-4929
The CVE-2016-4929 vulnerability affects Juniper Networks Junos Space prior to version 15.2R2. It enables a command-injection that allows an attacker to execute arbitrary code with root privileges on affected devices. The issue stems from improper handling of input in the Junos Space management in...
CVE-2016-4931
CVE-2016-4931 affects Juniper Networks Junos Space prior to 15.2R2. The issue is an XML External Entity (XXE) injection in the product, allowing an attacker to trigger a denial of service. Public records consistently describe the vulnerability as an XML entity injection that can cause service dis...