Multiple vulnerabilities in Junos Space
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 58 |
| CVE-ID | CVE-2023-6516 CVE-2024-28834 CVE-2024-28835 CVE-2024-1488 CVE-2023-7008 CVE-2023-6240 CVE-2024-25742 CVE-2024-25743 CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 CVE-2023-3019 CVE-2023-52463 CVE-2023-3255 CVE-2023-42467 CVE-2023-5088 CVE-2023-6683 CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805 CVE-2020-11022 CVE-2016-2183 CVE-2024-32462 CVE-2023-52801 CVE-2024-6119 CVE-2024-40936 CVE-2024-45492 CVE-2024-45491 CVE-2024-45490 CVE-2024-42131 CVE-2024-42102 CVE-2024-42096 CVE-2024-42082 CVE-2024-41096 CVE-2024-41073 CVE-2024-41055 CVE-2024-41044 CVE-2024-41040 CVE-2024-40927 CVE-2024-26629 CVE-2024-38619 CVE-2024-38559 CVE-2024-36979 CVE-2024-36883 CVE-2024-36019 CVE-2024-36000 CVE-2024-35875 CVE-2024-35797 CVE-2024-35791 CVE-2024-26946 CVE-2024-26886 CVE-2024-26720 CVE-2024-26630 |
| CWE-ID | CWE-400 CWE-310 CWE-20 CWE-862 CWE-345 CWE-203 CWE-94 CWE-617 CWE-416 CWE-476 CWE-835 CWE-369 CWE-662 CWE-787 CWE-79 CWE-327 CWE-88 CWE-843 CWE-401 CWE-190 CWE-124 CWE-667 CWE-119 CWE-415 CWE-908 CWE-125 CWE-399 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #26 is available. Public exploit code for vulnerability #27 is available. |
| Vulnerable software |
Juniper Junos Space Server applications / Remote management servers, RDP, SSH |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains information about 58 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU86379
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6516
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing specific recursive patterns. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack against the DNS resolver.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cryptographic issues
EUVDB-ID: #VU87671
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28834
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU87672
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28835
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing the cert_list_size parameter in the gnutls_x509_trust_list_verify_crt2() function in certtool. A remote attacker can pass specially crafted PEM encoded certificate chain that contains more than 16 certificates to the certtool and crash it.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Missing authorization
EUVDB-ID: #VU87749
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-1488
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing authorization in the unbound.service that listens on localhost on port 8953. A local user can send a specially crafted request and alter the server configuration.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Insufficient verification of data authenticity
EUVDB-ID: #VU85658
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-7008
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to systemd-resolved accepts records of DNSSEC-signed domains even when they have no signature. A remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Observable discrepancy
EUVDB-ID: #VU89003
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6240
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information. MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Code Injection
EUVDB-ID: #VU89087
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25742
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Code Injection
EUVDB-ID: #VU89086
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25743
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource exhaustion
EUVDB-ID: #VU86383
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-4408
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing DNS messages. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource exhaustion
EUVDB-ID: #VU86377
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50387
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Resource exhaustion
EUVDB-ID: #VU86378
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50868
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Reachable Assertion
EUVDB-ID: #VU86382
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5517
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when querying RFC 1918 reverse zones. A remote attacker can send a specially crafted DNS query and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Reachable Assertion
EUVDB-ID: #VU86381
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5679
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion caused by a bad interaction between DNS64 and serve-stale. A remote attacker can query a DNS64-enabled resolver for domain names triggering serve-stale.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU85734
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-3019
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the e1000e_write_packet_to_guest() function in the e1000e NIC emulation code in QEMU. A local user can trigger DMA reentrancy and crash the QEMU process on the host.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90660
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Infinite loop
EUVDB-ID: #VU78946
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3255
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vnc_client_cut_text_ext function in ui/vnc-clipboard.c. A remote authenticated client who is able to send a clipboard to the QEMU built-in VNC server can perform a denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Division by zero
EUVDB-ID: #VU85828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42467
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the scsi_disk_reset() function in hw/scsi/scsi-disk.c. A local user can pass specially crafted data to the application and crash it.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper synchronization
EUVDB-ID: #VU85827
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5088
CWE-ID:
CWE-662 - Improper Synchronization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper synchronization, which causes guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead. An L2 guest with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor can read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU87738
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6683
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing ClientCutText messages within the QEMU built-in VNC server. A remote authenticated VNC client can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU65676
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24810
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU65672
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling malformed OID in GET-NEXT. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU65675
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24808
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in NET-SNMP-AGENT-MIB::nsLogTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds write
EUVDB-ID: #VU65674
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-24807
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a boundary error in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. A remote user can pass a malformed OID in a SET request, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU65673
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24806
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when SETing malformed OIDs in master agent and subagent simultaneously. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds write
EUVDB-ID: #VU65671
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-24805
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when handling INDEX of NET-SNMP-VACM-MIB. A remote attacker can trick the victim into loading a specially crafted MIB collection, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Cross-site scripting
EUVDB-ID: #VU27052
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]
CVE-ID: CVE-2020-11022
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
27) Information disclosure
EUVDB-ID: #VU370
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-2183
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
28) Improper Neutralization of Argument Delimiters in a Command
EUVDB-ID: #VU88827
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-32462
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper input validation when handling CLI arguments in the RequestBackground portal. A malicious application can escape sandbox via a specially crafted arguments and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU90078
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iopt_area_split() function in drivers/iommu/iommufd/io_pagetable.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Type Confusion
EUVDB-ID: #VU96744
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6119
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU94206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40936
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devm_cxl_add_region() and __create_region() functions in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Integer overflow
EUVDB-ID: #VU96899
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45492
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Integer overflow
EUVDB-ID: #VU96898
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45491
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer Underwrite ('Buffer Underflow')
EUVDB-ID: #VU96897
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45490
CWE-ID:
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Integer overflow
EUVDB-ID: #VU95034
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper locking
EUVDB-ID: #VU94987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42096
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU95055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU94941
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41096
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Double free
EUVDB-ID: #VU95011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) NULL pointer dereference
EUVDB-ID: #VU94979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41055
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU94949
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41040
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU94220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40927
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU91536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26629
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use of uninitialized resource
EUVDB-ID: #VU93082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU92328
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU92305
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU90274
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36019
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the regcache_maple_drop() function in drivers/base/regmap/regcache-maple.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Reachable Assertion
EUVDB-ID: #VU90907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36000
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Input validation error
EUVDB-ID: #VU93678
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35875
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the setup_arch() function in arch/x86/kernel/setup.c, within the cc_mkdec() function in arch/x86/coco/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU90310
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35797
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use-after-free
EUVDB-ID: #VU90165
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU93686
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26946
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_probe() function in arch/x86/kernel/kprobes/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU90200
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Division by zero
EUVDB-ID: #VU91379
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Resource management error
EUVDB-ID: #VU93781
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26630
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJuniper Junos Space: 24.1R1 Patch V1 - 24.1R1
CPE2.3- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1 Patch V2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper_networks:juniper_junos_space:24.1R1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
