33 matches found
CVE-2014-0429
CVE-2014-0429 is an unspecified vulnerability in the Java 2D component affecting Oracle Java SE 5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51. Impact is described as complete confidentiality, integrity, and availability violations via unknown vectors in the 2D comp...
CVE-2014-0460
CVE-2014-0460 is an IBM-related vulnerability described as flaws in the JNDI DNS service provider that can enable spoofing DNS responses, impacting confidentiality and integrity (partial). Exploitation status is not indicated in the IBM bulletins. Affected IBM product: IBM System Networking Switc...
CVE-2014-0453
CVE-2014-0453 is an IBM/Oracle Java vulnerability affecting IBM Runtime Environment Java Technology Edition (and IBM Java SDK/JRE bundles used in IBM products such as QRadar, Rational, and WebSphere-related tools). The vulnerability is described as an unspecified issue in the Security component w...
CVE-2014-0457
CVE-2014-0457 is an unspecified vulnerability in Oracle Java SE components (5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; Java SE Embedded 7u51) and related to the Libraries component, enabling remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The ...
CVE-2014-0456
CVE-2014-0456 is an unspecified remote vulnerability in Oracle Java SE (versions 6u71, 7u51, 8, and Java SE Embedded 7u51) and related Hotspot components. The issue enables confidentiality, integrity, and availability impact via unknown vectors and is documented across multiple advisories (e.g., ...
CVE-2014-2421
CVE-2014-2421 is an unspecified vulnerability in the 2D component of Oracle Java SE (and related IBM SDK for Java builds) with a base impact of complete confidentiality, integrity, and availability. Connected IBM advisories confirm this CVE appears in multiple IBM products that bundle IBM SDK for...
CVE-2025-60002
Summary (CVE-2025-60002): Juniper Networks Junos Space before version 24.1R4 is vulnerable to a Cross-site Scripting (XSS) flaw via improper input neutralization in Web page generation, specifically the Template Definitions page. An attacker can inject script tags that, when a different user visi...
CVE-2026-21907
CVE-2026-21907 affects Juniper Networks Junos Space before version 24.1R5. The TLS/SSL server allows static key ciphers (ssl-static-key-ciphers) that do not support Perfect Forward Secrecy, reducing long-term and on-path confidentiality. Affected product/version is Junos Space prior to 24.1R5; no...
CVE-2025-59991
CVE-2025-59991 is a cross-site scripting vulnerability in Juniper Networks Junos Space that allows an attacker to inject scripts into Device Management pages, enabling execution of commands with the victim user’s permissions (potentially admin). Affected: Junos Space versions before 24.1R4. The N...
CVE-2025-59975
The CVE-2025-59975 issue affects Juniper Networks Junos Space, specifically the HTTP daemon (httpd). An unauthenticated network-based attacker can flood the system with inbound API calls, causing uncontrolled resource consumption and a Denial of Service (DoS). Consequence: exhaustion of file hand...
CVE-2025-60000
Summary (concrete details) : The connected Nessus/NASL entry for Juniper Junos Space identifies CVE-2025-60000 as an XSS vulnerability on the Generate Report page, affecting all Junos Space versions before 24.1R4 . The issue allows an attacker to inject script tags that, when a victim visits the ...
CVE-2025-59976
CVE-2025-59976 affects Juniper Networks Junos Space. A flaw in the web interface allows a network-authenticated attacker to download arbitrary files via crafted GET requests, escaping the JBoss file-path restrictions. All versions before 24.1R3 are affected. Remediation: upgrade to Junos Space 24...
CVE-2025-59999
CVE-2025-59999 affects Juniper Networks Junos Space; the issue is an Improper Neutralization of Input During Web Page Generation (XSS) that allows an attacker to inject script tags into the API Access Profiles page. When other users visit the page, the attacker may execute commands with the targe...
CVE-2025-60001
CVE-2025-60001 pertains to Juniper Networks Junos Space prior to 24.1R4, with an improper neutralization of input during web page generation that enables cross-site scripting on the Generate Report page. The vulnerability allows an attacker to inject script tags that, when visited by another user...
CVE-2025-59986
CVE-2025-59986 affects Juniper Networks Junos Space versions prior to 24.1R4. It is an input handling (XSS) vulnerability in Model Devices that lets an attacker inject script tags, which can be executed in the context of other users, including administrators. The issue arises from improper input ...
CVE-2025-59978
CVE-2025-59978 is a Cross-Site Scripting vulnerability in Juniper Networks Junos Space (pre-24.1R4). The issue arises from improper neutralization of input during web page generation, allowing an attacker to store script tags in web pages that, when viewed by another user, can execute commands wi...
CVE-2025-59985
Juniper Junos Space prior to 24.1R4 is affected by CVE-2025-59985 due to improper input neutralization during web page generation on the Purging Policy page, allowing injection of script tags that can execute commands with the target user’s permissions (potentially admin). The issue is a client-f...
CVE-2025-59994
CVE-2025-59994 affects Juniper Junos Space prior to 24.1R4, with an XSS flaw in the Quick Template page due to improper input neutralization during web page generation. An attacker can inject scripts that, when viewed by another user, may execute commands with the target’s permissions (including ...
CVE-2025-59990
CVE-2025-59990 is confirmed with concrete details in connected documents: Junos Space prior to 24.1R4 is affected by a cross-site scripting vulnerability in the template creation pages caused by improper input neutralization during web page generation. The issue allows an attacker to inject scrip...
CVE-2025-59995
Juniper Junos Space C?VE-2025-59995 is an XSS vulnerability in the Quick Template page (and related surfaces) that allows script injection leading to commands executed with the target user’s permissions, including administrator. Affected: Junos Space versions prior to 24.1R4. Root cause: improper...
CVE-2025-59989
CVE-2025-59989 affects Juniper Networks Junos Space prior to version 24.1R4. The issue is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) on the Device Discovery page, allowing an attacker to inject script tags which, when viewed by another user, can execute ...
CVE-2025-59981
CVE-2025-59981 corresponds to a Cross-site Scripting (XSS) flaw in Juniper Networks Junos Space prior to version 24.1R4. The issue arises from improper input neutralization during web page generation on the Device Template Definition page, allowing an attacker to inject script tags that, when vie...
CVE-2025-59982
CVE-2025-59982 affects Juniper Networks Junos Space prior to 24.1R4. Affected component: web page generation for the dashboard/search input. Root cause: improper input neutralization allows cross-site scripting (reflected) that can inject script tags; when visited by another user, it can execute ...
CVE-2025-59987
Summary: CVE-2025-59987 describes an XSS vulnerability in Juniper Networks Junos Space prior to version 24.1R4. An attacker can inject script tags in the arbitrary device search field, which, when visited by another user, may execute commands with the target’s permissions (including administrator...
CVE-2025-59993
CVE-2025-59993 affects Juniper Networks Junos Space before version 24.1R4. The issue is an XSS vulnerability in the Space Node Setting fields (and related pages) where improper input neutralization allows injection of script tags, enabling an attacker to run commands with the target user’s privil...
CVE-2025-59998
Summary: CVE-2025-59998 affects Juniper Networks Junos Space versions prior to 24.1R4, due to an improper neutralization of input during web page generation that enables cross-site scripting on the Archive Log screen. An attacker can inject script tags; when another user visits the affected page,...
CVE-2025-59984
CVE-2025-59984 affects Juniper Networks Junos Space prior to version 24.1R4. It is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability that lets an attacker inject script tags in Global Search; when a user visits the page, commands could execute with the target’s pe...
CVE-2025-59997
CVE-2025-59997 is a Junos Space cross-site scripting vulnerability: improper input neutralization during web page generation allows script injection in the CLI Configlets pages. Affected product: Juniper Networks Junos Space; affected versions are all before 24.1R4. The issue lets an attacker cau...
CVE-2025-60009
CVE-2025-60009 is a Cross-site Scripting vulnerability in Juniper Networks Junos Space (prior to version 24.1R4) that allows an attacker to inject script tags via the CLI Configlet page. When other users visit the page, the attacker can execute commands with the target’s permissions, potentially ...
CVE-2025-59988
CVE-2025-59988 involves a cross-site scripting vulnerability in Juniper Networks Junos Space prior to version 24.1R4. The issue allows an attacker to inject script tags on the Generate Report page, which, when visited by another user, can execute commands with the target’s permissions (including ...
CVE-2025-59992
Juniper Junos Space is affected by CVE-2025-59992: an improper neutralization of input during web page generation enables cross-site scripting on the Secure Console page. The vulnerability allows an attacker to inject script tags that, when a different user visits the page, can execute commands w...
CVE-2025-59996
The CVE-2025-59996 issue affects Juniper Networks Junos Space versions prior to 24.1R4, where an Improper Neutralization of Input During Web Page Generation enables cross-site scripting in the Configuration View page. Exploitation would allow an attacker to inject script tags that, when a second ...
CVE-2025-59983
CVE-2025-59983 affects Juniper Networks Junos Space prior to version 24.1R4. The issue is an Improp er Neutralization of Input During Web Page Generation (Cross-site Scripting) that allows an attacker to inject script tags on the Template Definition page; when another user visits that page, the a...