Multiple vulnerabilities in Juniper Secure Analytics (JSA)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 199 |
| CVE-ID | CVE-2021-47356 CVE-2020-26555 CVE-2021-46909 CVE-2021-46972 CVE-2021-47069 CVE-2021-47073 CVE-2021-47236 CVE-2021-47310 CVE-2021-47311 CVE-2021-47353 CVE-2021-47456 CVE-2024-3651 CVE-2021-47495 CVE-2023-43788 CVE-2023-43789 CVE-2023-4692 CVE-2023-4693 CVE-2023-5090 CVE-2023-52464 CVE-2023-52560 CVE-2023-52615 CVE-2023-52626 CVE-2024-3652 CVE-2024-32487 CVE-2023-52669 CVE-2024-26993 CVE-2024-26872 CVE-2024-26892 CVE-2024-26897 CVE-2024-26901 CVE-2024-26919 CVE-2024-26933 CVE-2024-26934 CVE-2024-26964 CVE-2024-26973 CVE-2024-27014 CVE-2024-32465 CVE-2024-27048 CVE-2024-27052 CVE-2024-27056 CVE-2024-27059 CVE-2024-28180 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2022-39253 CVE-2023-52667 CVE-2023-52675 CVE-2024-26744 CVE-2024-35853 CVE-2024-26982 CVE-2024-27397 CVE-2024-27410 CVE-2024-34750 CVE-2024-35789 CVE-2024-35835 CVE-2024-35838 CVE-2024-35845 CVE-2024-35852 CVE-2024-35854 CVE-2024-26907 CVE-2024-35855 CVE-2024-35888 CVE-2024-35890 CVE-2024-35958 CVE-2024-35959 CVE-2024-35960 CVE-2024-36004 CVE-2024-36007 CVE-2024-5564 CVE-2024-26974 CVE-2024-26906 CVE-2023-52686 CVE-2019-14865 CVE-2023-52700 CVE-2023-52703 CVE-2023-52781 CVE-2023-52813 CVE-2023-52835 CVE-2023-52877 CVE-2023-52878 CVE-2023-52881 CVE-2023-7008 CVE-2024-1048 CVE-2024-22365 CVE-2024-26859 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26656 CVE-2024-26675 CVE-2024-26735 CVE-2024-26759 CVE-2024-26801 CVE-2024-26804 CVE-2024-26826 CVE-2024-26779 CVE-2024-26743 CVE-2019-11358 CVE-2018-20060 CVE-2024-30171 CVE-2024-30172 CVE-2024-3019 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2020-23064 CVE-2018-25091 CVE-2019-25162 CVE-2024-2961 CVE-2020-36777 CVE-2021-33198 CVE-2021-34558 CVE-2021-46934 CVE-2021-47013 CVE-2021-47055 CVE-2021-47118 CVE-2021-47153 CVE-2021-47171 CVE-2021-47185 CVE-2024-29857 CVE-2024-28834 CVE-2022-2880 CVE-2023-3635 CVE-2020-11022 CVE-2020-11023 CVE-2020-13936 CVE-2021-40153 CVE-2021-41072 CVE-2022-3287 CVE-2023-25193 CVE-2023-29483 CVE-2023-31122 CVE-2023-31484 CVE-2023-43804 CVE-2024-28182 CVE-2023-45802 CVE-2023-44487 CVE-2023-45803 CVE-2023-6004 CVE-2023-6597 CVE-2023-6918 CVE-2024-0450 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 CVE-2022-2879 CVE-2022-41715 CVE-2024-26694 CVE-2024-24786 CVE-2023-52610 CVE-2023-6240 CVE-2024-0340 CVE-2024-21011 CVE-2024-21085 CVE-2024-21094 CVE-2024-23307 CVE-2024-2357 CVE-2024-23650 CVE-2024-24806 CVE-2023-52606 CVE-2024-25744 CVE-2024-26593 CVE-2024-26603 CVE-2024-26610 CVE-2024-26615 CVE-2024-26642 CVE-2024-26643 CVE-2024-26659 CVE-2024-26664 CVE-2024-26693 CVE-2023-52607 CVE-2023-52598 CVE-2022-48624 CVE-2023-45287 CVE-2022-48627 CVE-2022-48669 CVE-2023-29409 CVE-2023-2953 CVE-2023-38264 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-39326 CVE-2023-48795 CVE-2023-52595 CVE-2023-52425 CVE-2023-52439 CVE-2023-52445 CVE-2023-52477 CVE-2023-52513 CVE-2023-52520 CVE-2023-52528 CVE-2023-52565 CVE-2023-52578 CVE-2023-52594 |
| CWE-ID | CWE-416 CWE-284 CWE-754 CWE-401 CWE-400 CWE-20 CWE-476 CWE-125 CWE-787 CWE-755 CWE-667 CWE-617 CWE-78 CWE-200 CWE-94 CWE-399 CWE-369 CWE-434 CWE-62 CWE-61 CWE-415 CWE-908 CWE-388 CWE-665 CWE-682 CWE-119 CWE-267 CWE-451 CWE-345 CWE-362 CWE-1321 CWE-203 CWE-835 CWE-668 CWE-121 CWE-770 CWE-79 CWE-295 CWE-310 CWE-681 CWE-22 CWE-59 CWE-521 CWE-252 CWE-190 CWE-918 CWE-264 CWE-326 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #43 is available. Public exploit code for vulnerability #47 is available. Public exploit code for vulnerability #100 is available. Public exploit code for vulnerability #101 is available. Public exploit code for vulnerability #112 is available. Public exploit code for vulnerability #115 is available. Public exploit code for vulnerability #127 is available. Public exploit code for vulnerability #128 is available. Public exploit code for vulnerability #137 is available. Vulnerability #140 is being exploited in the wild. |
| Vulnerable software |
Juniper Secure Analytics (JSA) Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains information about 199 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90134
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47356
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU53578
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26555
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the Bluetooth legacy BR/EDR PIN code pairing. An attacker with physical access can spoof the BD_ADDR of the peer device and complete pairing without knowledge of the PIN.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, within the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, within the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, within the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU91661
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ovl_lookup() function in fs/overlayfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU92484
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47069
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the IPC implementation in Linux kernel. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU93694
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_dell_smbios_wmi() function in drivers/platform/x86/dell-smbios-wmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU91632
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90102
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47310
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tlan_remove_one() function in drivers/net/ethernet/ti/tlan.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU90103
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47311
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the emac_remove() function in drivers/net/ethernet/qualcomm/emac/emac.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90500
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47353
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90060
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource exhaustion
EUVDB-ID: #VU88828
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-3651
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU90852
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU81435
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-43788
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU81436
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-43789
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds write
EUVDB-ID: #VU81627
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4692
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass secure boot protection.
The vulnerability exists due to a boundary error in NTFS driver implementation in grub-core/fs/ntfs.c when parsing the $ATTRIBUTE_LIST attribute for the $MFT file. A local user can pass a specially crafted image to the application, trigger an out-of-bounds write and bypass secure boot protection.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU81628
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4693
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the NTFS driver in grub-core/fs/ntfs.c when reading data from the resident $DATA attribute. A attacker with physical access to the system use a specially crafted NTFS file system image to read arbitrary memory locations, such as data cached in memory or EFI variables values.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper handling of exceptional conditions
EUVDB-ID: #VU83383
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5090
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of errors within the svm_set_x2apic_msr_interception() function in KVM. A local user can send specially crafted input and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds write
EUVDB-ID: #VU88895
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52464
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU90024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52560
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the damon_do_test_apply_three_regions() function in mm/damon/vaddr-test.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU90798
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU91401
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlx5e_ptp_handle_ts_cqe() function in drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Reachable assertion
EUVDB-ID: #VU88534
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-3652
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the compute_proto_keymat() function when handling IKEv1 packets within the default AH/ESP responder. A remote authenticated user can send specially crafted packets to the server and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) OS Command Injection
EUVDB-ID: #VU88533
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32487
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU91423
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU90199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU90201
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mt792x_irq_handler() function in drivers/net/wireless/mediatek/mt76/mt792x_dma.c, within the mt7921_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7921/pci.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU90580
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU91647
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26919
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ulpi_register() function in drivers/usb/common/ulpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU90777
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26933
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU90561
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Information disclosure
EUVDB-ID: #VU91360
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26973
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU90768
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Code injection
EUVDB-ID: #VU91288
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32465
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when working with zip files or tarballs during cloning. A remote attacker can and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU90524
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU90180
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource management error
EUVDB-ID: #VU92983
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27056
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_sta_ensure_queue() function in drivers/net/wireless/intel/iwlwifi/mvm/sta.c, within the __iwl_mvm_suspend() function in drivers/net/wireless/intel/iwlwifi/mvm/d3.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Resource exhaustion
EUVDB-ID: #VU87538
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-28180
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when decompressing JWE with Decrypt or DecryptMulti. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Arbitrary file upload
EUVDB-ID: #VU89491
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-32002
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
44) Code Injection
EUVDB-ID: #VU89490
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32004
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a process control issue while cloning special-crafted local repositories. A remote attacker can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) UNIX Hard Link
EUVDB-ID: #VU91286
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32020
CWE-ID:
CWE-62 - UNIX Hard Link
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure hardlink following when working with local clones. Local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) UNIX symbolic link following
EUVDB-ID: #VU91287
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32021
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure symlink following issue. When cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the objects/ directory.
Mitigation
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU68517
Risk: Low
CVSSv3.1: 2.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-39253
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the way Git handles hardlinks when performing a local clone. A remote attacker can trick the victim into clocking a malicious repository and create or copy hardlinks to critical files on the system, which can result in sensitive information exposure.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
48) Double free
EUVDB-ID: #VU90922
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52667
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fs_any_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU90547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Memory leak
EUVDB-ID: #VU89984
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Input validation error
EUVDB-ID: #VU90857
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper locking
EUVDB-ID: #VU92027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27397
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nft_rbtree_insert(), nft_rbtree_deactivate() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_get(), nft_pipapo_get(), nft_pipapo_insert(), pipapo_gc() and pipapo_deactivate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_key(), nft_rhash_cmp(), nft_rhash_lookup(), nft_rhash_get(), nft_rhash_update(), nft_rhash_insert() and nft_rhash_deactivate() functions in net/netfilter/nft_set_hash.c, within the nft_trans_gc_catchall_sync() and nf_tables_valid_genid() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Resource management error
EUVDB-ID: #VU93870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27410
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nl80211_set_interface() function in net/wireless/nl80211.c. A local user can manipulate with the interface mesh ID and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Resource management error
EUVDB-ID: #VU93732
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34750
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling HTTP/2 stream. A remote attacker can initiate multiple HTTP/2 connections to the server that are remain open and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU90167
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Double free
EUVDB-ID: #VU90923
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Information disclosure
EUVDB-ID: #VU91346
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35838
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sta_info_free() function in net/mac80211/sta_info.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Input validation error
EUVDB-ID: #VU91609
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35845
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Memory leak
EUVDB-ID: #VU89983
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35852
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU90162
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Improper locking
EUVDB-ID: #VU92037
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU90163
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use of uninitialized resource
EUVDB-ID: #VU90873
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35888
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improper error handling
EUVDB-ID: #VU93651
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35890
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_gro_receive_list() and skb_gro_receive() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Resource management error
EUVDB-ID: #VU93255
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU92018
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_priv_cleanup() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c, within the mlx5e_selq_init() and mlx5e_selq_cleanup() functions in drivers/net/ethernet/mellanox/mlx5/core/en/selq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Improper Initialization
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Incorrect calculation
EUVDB-ID: #VU93612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36007
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU93866
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-5564
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in NetworkManager. A local user can send a malformed IPv6 router advertisement packet to trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU90185
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Improper error handling
EUVDB-ID: #VU92944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26906
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU90548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Privilege Defined With Unsafe Actions
EUVDB-ID: #VU97100
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14865
CWE-ID:
CWE-267 - Privilege Defined With Unsafe Actions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the grub2-set-bootflag utility. A local user can run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Input validation error
EUVDB-ID: #VU90853
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52700
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tipc_connect() and tipc_accept() functions in net/tipc/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Use of uninitialized resource
EUVDB-ID: #VU91676
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52703
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kalmia_send_init_packet() function in drivers/net/usb/kalmia.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Incorrect calculation
EUVDB-ID: #VU93611
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52781
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Resource management error
EUVDB-ID: #VU91607
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Out-of-bounds read
EUVDB-ID: #VU91084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU90422
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52877
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcpm_pd_svdm() function in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Out-of-bounds read
EUVDB-ID: #VU91083
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52878
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Spoofing attack
EUVDB-ID: #VU89895
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Insufficient verification of data authenticity
EUVDB-ID: #VU85658
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7008
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to systemd-resolved accepts records of DNSSEC-signed domains even when they have no signature. A remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Resource management error
EUVDB-ID: #VU87164
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1048
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the grub2-set-bootflag utility of grub2. The grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Resource exhaustion
EUVDB-ID: #VU85552
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22365
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in pam_namespace. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) NULL pointer dereference
EUVDB-ID: #VU90573
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Race condition
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Error handling
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Race condition
EUVDB-ID: #VU89251
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26585
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU88145
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Race condition
EUVDB-ID: #VU91479
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26759
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Use-after-free
EUVDB-ID: #VU90212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improper locking
EUVDB-ID: #VU92038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retransmit_pending_data() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Race condition
EUVDB-ID: #VU91480
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26779
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c, within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper locking
EUVDB-ID: #VU92042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Prototype pollution
EUVDB-ID: #VU18092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-11358
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
101) Information disclosure
EUVDB-ID: #VU26413
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-20060
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Authorization HTTP header is not removed from the HTTP request during request redirection in "urllib3/util/retry.py". A remote attacker can intercept the request and gain access to sensitive information, passed via Authorization HTTP header.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
102) Observable discrepancy
EUVDB-ID: #VU89219
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-30171
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a possible timing based leakage in RSA based handshakes. A remote attacker can gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Infinite loop
EUVDB-ID: #VU89220
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-30172
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the Ed25519 verification code. A remote attacker can pass a specially signature and public key to the application, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Exposure of Resource to Wrong Sphere
EUVDB-ID: #VU92228
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-3019
CWE-ID:
CWE-668 - Exposure of resource to wrong sphere
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing access restrictions in the default pmproxy configuration, which exposes the Redis server backend to the local network. A remote attacker on the local network can execute arbitrary OS commands.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Stack-based buffer overflow
EUVDB-ID: #VU89712
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33599
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) NULL pointer dereference
EUVDB-ID: #VU89711
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU89710
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33601
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Buffer overflow
EUVDB-ID: #VU89709
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33602
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Cross-site scripting
EUVDB-ID: #VU80757
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-23064
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in jQuery 2. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Information disclosure
EUVDB-ID: #VU82979
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-25091
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the authorization HTTP header when following a cross-origin redirect. A remote attacker can gain access to sensitive information.
Note, the vulnerability exists due to incomplete fix for #VU26413 (CVE-2018-20060).
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Use-after-free
EUVDB-ID: #VU87986
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-25162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the i2c_put_adapter() function in drivers/i2c/i2c-core-base.c. A local user can trigger a use-after-free error and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Buffer overflow
EUVDB-ID: #VU88822
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2024-2961
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
113) Memory leak
EUVDB-ID: #VU87987
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36777
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dvb_media_device_free() function in drivers/media/dvb-core/dvbdev.c. A local user can crash the system.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Resource management error
EUVDB-ID: #VU56024
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33198
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a large exponent to the math/big.Rat SetString or UnmarshalText method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Improper Certificate Validation
EUVDB-ID: #VU55665
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-34558
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper certificate verification in crypto/tls package in Go when processing X.509 certificates. The application does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
116) Improper Check for Unusual or Exceptional Conditions
EUVDB-ID: #VU89264
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46934
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to produce warnings from the userspace.
The vulnerability exists due to improper error handling within the compat_i2cdev_ioctl() function in drivers/i2c/i2c-dev.c. A local user can pass specially crafted data to the driver and influence its behavior.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Use-after-free
EUVDB-ID: #VU91068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU91543
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47055
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtdchar_ioctl() function in drivers/mtd/mtdchar.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Use-after-free
EUVDB-ID: #VU90225
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernel_init_freeable() function in init/main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Improper error handling
EUVDB-ID: #VU92059
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47153
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Memory leak
EUVDB-ID: #VU90011
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Resource exhaustion
EUVDB-ID: #VU89218
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-29857
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to library does not properly control consumption of internal resources when importing an EC certificate with specially crafted F2m parameters. A remote attacker can pass a specially crafted certificate to the application to trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Cryptographic issues
EUVDB-ID: #VU87671
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-28834
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Input validation error
EUVDB-ID: #VU68389
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform parameter smuggling attacks.
The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http and force the application to include these parameters into the forwarding request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Incorrect Conversion between Numeric Types
EUVDB-ID: #VU80783
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3635
CWE-ID:
CWE-681 - Incorrect Conversion between Numeric Types
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Cross-site scripting
EUVDB-ID: #VU27052
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-11022
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
128) Cross-site scripting
EUVDB-ID: #VU27519
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-11023
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
129) Code Injection
EUVDB-ID: #VU51511
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13936
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker with ability to modify Velocity templates can inject and execute arbitrary Java code on the system with the same privileges as the account running the Servlet container.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Path traversal
EUVDB-ID: #VU56306
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-40153
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the squashfs_opendir in unsquash-1.c. A remote user can store the filename in the directory entry, which later is used by unsquashfs to create the new file during the unsquash. As a result, it is possible to write files to locations outside of the destination.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Link following
EUVDB-ID: #VU57416
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-41072
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a link following issue in squashfs_opendir in unsquash-2.c when processing a squashfs filesystem that has been crafted to include a symbolic link under the same filename in a filesystem. The attacker can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Weak password requirements
EUVDB-ID: #VU75912
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3287
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges within the application.
The vulnerability exists due to the way the redfish plugin handles passwords. When creating an OPERATOR user account on the BMC, the redfish plugin
saved the auto-generated password to /etc/fwupd/redfish.conf without
proper restriction. A local user can read the configuration file and gain operator privileges.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Input validation error
EUVDB-ID: #VU72050
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25193
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in hb-ot-layout-gsubgpos.hh. A remote attacker can use consecutive marks during the process of looking back for base glyphs when attaching marks and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Input validation error
EUVDB-ID: #VU86795
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29483
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Tudoor mechanism. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Out-of-bounds read
EUVDB-ID: #VU82248
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-31122
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within mod_macro module. A remote attacker can send specially crafted requests to the server, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Improper Certificate Validation
EUVDB-ID: #VU75604
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-31484
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing verification of the TLS certificate when downloading distributions. A remote attacker can perform MitM attack and trick the application into downloading a malicious file.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Information disclosure
EUVDB-ID: #VU81322
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-43804
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
138) Input validation error
EUVDB-ID: #VU88144
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-28182
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Resource management error
EUVDB-ID: #VU82245
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45802
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the server when handling HTTP/2 requests. A remote attacker can send multiple requests to the server and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Resource exhaustion
EUVDB-ID: #VU81728
Risk: High
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44487
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
141) Information disclosure
EUVDB-ID: #VU82978
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45803
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the HTTP request body when redirecting HTTP response using status codes 301, 302, or 303, after the request had its method changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) OS Command Injection
EUVDB-ID: #VU84538
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6004
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.
Mitigation
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) UNIX symbolic link following
EUVDB-ID: #VU87185
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6597
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to a symlink following issue during cleanup when handling temporary files. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Unchecked Return Value
EUVDB-ID: #VU84540
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6918
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libssh does not check for returned values of message digest (MD) operations in low memory conditions. A remote attacker can terminate the connection or force the library to use weak keys.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Resource exhaustion
EUVDB-ID: #VU87685
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0450
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use-after-free
EUVDB-ID: #VU86052
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25062
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Memory leak
EUVDB-ID: #VU88225
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26458
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in /krb5/src/lib/rpc/pmap_rmt.c. A remote attacker can perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Memory leak
EUVDB-ID: #VU88226
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26461
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. A remote attacker can force the application to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Resource management error
EUVDB-ID: #VU68387
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Resource exhaustion
EUVDB-ID: #VU68390
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41715
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Double free
EUVDB-ID: #VU90928
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26694
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the iwl_dealloc_ucode() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Infinite loop
EUVDB-ID: #VU87326
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24786
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Memory leak
EUVDB-ID: #VU89382
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52610
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Observable discrepancy
EUVDB-ID: #VU89003
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6240
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information. MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Improper Initialization
EUVDB-ID: #VU86579
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0340
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization within the vhost_new_msg() function in drivers/vhost/vhost.c in the Linux kernel vhost driver. A local user can run a specially crafted application to gain access to sensitive kernel information.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Improper input validation
EUVDB-ID: #VU88666
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Improper input validation
EUVDB-ID: #VU88665
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21085
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Improper input validation
EUVDB-ID: #VU88668
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21094
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Error Handling
EUVDB-ID: #VU87342
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-2357
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of a missing PreSharedKey when a connection is configured to use reSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup sing the auto= keyword, it can cause repeated crashes leading to a denial of service.Mitigation
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Improper Check for Unusual or Exceptional Conditions
EUVDB-ID: #VU86039
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23650
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU86707
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24806
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Buffer overflow
EUVDB-ID: #VU87343
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52606
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU87191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25744
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Out-of-bounds read
EUVDB-ID: #VU89250
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26593
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Infinite loop
EUVDB-ID: #VU89248
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26603
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Buffer overflow
EUVDB-ID: #VU89679
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) NULL pointer dereference
EUVDB-ID: #VU90627
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Race condition
EUVDB-ID: #VU88135
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26643
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Buffer overflow
EUVDB-ID: #VU93244
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Out-of-bounds read
EUVDB-ID: #VU90335
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Improper Initialization
EUVDB-ID: #VU91554
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26693
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the iwl_mvm_is_dup() function in drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c, within the iwl_mvm_sta_state_notexist_to_none() function in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Resource management error
EUVDB-ID: #VU93864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) OS Command Injection
EUVDB-ID: #VU86885
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48624
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Observable discrepancy
EUVDB-ID: #VU86309
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45287
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Resource exhaustion
EUVDB-ID: #VU92194
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48627
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Memory leak
EUVDB-ID: #VU90457
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the arch/powerpc/platforms/pseries/papr_platform_attributes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Improper Certificate Validation
EUVDB-ID: #VU78913
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29409
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) NULL pointer dereference
EUVDB-ID: #VU77252
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2953
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ber_memalloc_x() function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Resource exhaustion
EUVDB-ID: #VU89343
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38264
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Cross-site scripting
EUVDB-ID: #VU80572
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39318
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Cross-site scripting
EUVDB-ID: #VU80573
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39319
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists within the html/template package caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Input validation error
EUVDB-ID: #VU80574
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39321
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Input validation error
EUVDB-ID: #VU80575
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39322
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Resource exhaustion
EUVDB-ID: #VU83928
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39326
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP chunked requests. A remote attacker can send specially crafted HTTP requests to the server and consume excessive memory resources.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Inadequate encryption strength
EUVDB-ID: #VU84537
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48795
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Improper locking
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Resource exhaustion
EUVDB-ID: #VU86230
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52425
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Use-after-free
EUVDB-ID: #VU87573
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52439
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Use-after-free
EUVDB-ID: #VU87745
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) NULL pointer dereference
EUVDB-ID: #VU91242
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52513
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the siw_accept_newconn(), siw_cm_work_handler() and siw_cm_llp_data_ready() functions in drivers/infiniband/sw/siw/siw_cm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Memory leak
EUVDB-ID: #VU91656
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52520
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tlmi_release_attr() and tlmi_sysfs_init() functions in drivers/platform/x86/think-lmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Use of uninitialized resource
EUVDB-ID: #VU90884
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Out-of-bounds read
EUVDB-ID: #VU90351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52565
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uvc_query_v4l2_menu() function in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Race condition
EUVDB-ID: #VU89384
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52578
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Out-of-bounds read
EUVDB-ID: #VU90343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Secure Analytics (JSA): 7.5.0 UP1 - 7.5.0
CPE2.3- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP1:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP2:*:*:*:*:*:
- cpe:2.3:a:juniper_networks:jsa:7.5.0:UP3:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
