Vulnerabilities

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an interface to effectively bypass any firewall filtering configured on the interface.<br /> <br /> Due to an issue with Junos OS kernel filter processing, the &amp;#39;payload-protocol&amp;#39; match is not being supported, causing any term containing it to accept all packets without taking any other action. In essence, these firewall filter terms were being processed as an &amp;#39;accept&amp;#39; for all traffic on the interface.<br /> <br /> This issue affects Junos OS: <br /> <br /> <br /> <br /> * all versions before 21.2R3-S9, <br /> * from 21.4 before 21.4R3-S11, <br /> * from 22.2 before 22.2R3-S7, <br /> * from 22.4 before 22.4R3-S7, <br /> * from 23.2 before 23.2R2-S4, <br /> * from 23.4 before 23.4R2-S5, <br /> * from 24.2 before 24.2R2-S1, <br /> * from 24.4 before 24.4R1-S2, 24.4R2.<br /> <br /> <br /> <br /> This is a more complete fix for previously published CVE-2024-21607 (JSA75748).

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS).<br /> <br /> Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> Junos OS:<br /> * All versions before 22.2R3-S1,<br /> * from 22.4 before 22.4R2.<br /> <br /> <br /> This feature is not enabled by default.

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation.<br /> <br /> A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system.<br /> <br /> This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C.<br /> <br /> This issue affects Junos OS: * from 23.2 before 23.2R2-S4, <br /> * from 23.4 before 23.4R2-S5, <br /> * from 24.2 before 24.2R2-S1, <br /> * from 24.4 before 24.4R1-S3, 24.4R2.<br /> <br /> <br /> <br /> <br /> <br /> <br /> This issue does not affect versions prior to 23.1R2.

A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, resulting in a Denial of Service (DoS). Continuous receipt of the malformed AS PATH attribute will cause a sustained DoS condition.<br /> <br /> On all Junos OS and Junos OS Evolved platforms, the rpd process will crash and restart when a specifically malformed AS PATH is received within a BGP update and traceoptions are enabled.<br /> <br /> This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not impacted by this issue.<br /> <br /> <br /> <br /> This issue affects:<br /> <br />  Junos OS:<br /> <br /> <br /> <br /> * All versions before 21.2R3-S9, <br /> * all versions of 21.4,<br /> * from 22.2 before 22.2R3-S6, <br /> * from 22.4 before 22.4R3-S5, <br /> * from 23.2 before 23.2R2-S3, <br /> * from 23.4 before 23.4R2-S4, <br /> * from 24.2 before 24.2R2; <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 22.4R3-S5-EVO, <br /> * from 23.2-EVO before 23.2R2-S3-EVO, <br /> * from 23.4-EVO before 23.4R2-S4-EVO, <br /> * from 24.2-EVO before 24.2R2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> This is a more complete fix for previously published CVE-2024-39549 (JSA83011).

Uncontrolled Recursion vulnerability in Apache Commons Lang.<br /> <br /> This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.<br /> <br /> The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a <br /> StackOverflowError could cause an application to stop.<br /> <br /> Users are recommended to upgrade to version 3.18.0, which fixes the issue.

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.

An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response.

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without sanitization.

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.

CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources<br /> to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML<br /> diagrams.