| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations. |
| An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd.
This issue affects:
Junos OS:
* from 21.2R3-S8 before 21.2R3-S9,
* from 21.4R3-S7 before 21.4R3-S9,
* from 22.2R3-S4 before 22.2R3-S5,
* from 22.3R3-S2 before 22.3R3-S4,
* from 22.4R3 before 22.4R3-S5,
* from 23.2R2 before 23.2R2-S2,
* from 23.4R1 before 23.4R2-S1,
* from 24.2R1 before 24.2R1-S1, 24.2R2.
Junos OS Evolved:
* from 21.4R3-S7-EVO before 21.4R3-S9-EVO,
* from 22.2R3-S4-EVO before 22.2R3-S5-EVO,
* from 22.3R3-S2-EVO before 22.3R3-S4-EVO,
* from 22.4R3-EVO before 22.4R3-S5-EVO,
* from 23.2R2-EVO before 23.2R2-S2-EVO,
* from 23.4R1-EVO before 23.4R2-S1-EVO,
* from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue requires a BGP session to be established.
This issue can propagate and multiply through multiple ASes until reaching vulnerable devices.
This issue affects iBGP and eBGP.
This issue affects IPv4 and IPv6.
An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue:
For example, by issuing the command on the neighboring device:
show log messages
Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:
rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>)
and
rpd[<pid>]: Malformed Attribute |
| An Out-of-Bounds Read vulnerability in
the routing protocol daemon (rpd) of
Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems configured in
either of two ways:
* systems with BGP traceoptions enabled
* systems with BGP family traffic-engineering (BGP-LS)
configured
and can be exploited from a directly connected and configured BGP peer.
This issue affects iBGP and eBGP
with
any address family
configured, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects:
Junos OS:
*
from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2;
Junos OS Evolved:
* from 21.4-EVO before 21.4R3-S9-EVO,
* from 22.2-EVO before 22.2R3-S5-EVO,
* from 22.3-EVO before 22.3R3-S4-EVO,
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S2-EVO,
* from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue does not affect versions of Junos OS prior to 21.3R1.
This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.
This is a similar, but different vulnerability than the issue reported as CVE-2024-39516. |
| A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO. |
| An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos).
When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart.
This issue affects Junos OS:
* 22.1 releases 22.1R1 and later before 22.2R3-S5,
* 22.3 releases before 22.3R3-S4,
* 22.4 releases before 22.4R3-S4,
* 23.2 releases before 23.2R2-S2,
* 23.4 releases before 23.4R2-S1,
* 24.2 releases before 24.2R1-S1, 24.2R2.
Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this. |
| A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control.
This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1. |
| A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. |
| In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. |
| In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c. |
| uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. |
| In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server. |
| vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. |
| A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. |
| A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. |
| A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. |
| In the Linux kernel, the following vulnerability has been resolved:
dm-stripe: fix a possible integer overflow
There's a possible integer overflow in stripe_io_hints if we have too
large chunk size. Test if the overflow happened, and if it did, don't set
limits->io_min and limits->io_opt; |
| In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. |
| In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount
time".
The first patch fixes a bug reported by syzbot, and the second one fixes
the remaining bug of the same kind. Although they are triggered by the
same super block data anomaly, I divided it into the above two because the
details of the issues and how to fix it are different.
Both are required to eliminate the shift-out-of-bounds issues at mount
time.
This patch (of 2):
If the block size exponent information written in an on-disk superblock is
corrupted, nilfs_sb2_bad_offset helper function can trigger
shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn
is set):
shift exponent 38983 is too large for 64-bit type 'unsigned long long'
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_shift_out_of_bounds+0x33d/0x3b0 lib/ubsan.c:322
nilfs_sb2_bad_offset fs/nilfs2/the_nilfs.c:449 [inline]
nilfs_load_super_block+0xdf5/0xe00 fs/nilfs2/the_nilfs.c:523
init_nilfs+0xb7/0x7d0 fs/nilfs2/the_nilfs.c:577
nilfs_fill_super+0xb1/0x5d0 fs/nilfs2/super.c:1047
nilfs_mount+0x613/0x9b0 fs/nilfs2/super.c:1317
...
In addition, since nilfs_sb2_bad_offset() performs multiplication without
considering the upper bound, the computation may overflow if the disk
layout parameters are not normal.
This fixes these issues by inserting preliminary sanity checks for those
parameters and by converting the comparison from one involving
multiplication and left bit-shifting to one using division and right
bit-shifting. |
| A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup. |
