Vulnerabilities

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).<br /> <br /> The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.<br /> <br /> System kernel memory can be monitored through the use of the &amp;#39;show system kernel memory&amp;#39; command as shown below:<br /> <br /> user@router&gt; show system kernel memory   <br /> Real memory total/reserved: 4130268/ 133344 Kbytes<br /> kmem map free: 18014398509110220 Kbytes<br /> <br /> This issue affects:<br /> Junos OS:<br /> <br /> <br /> * All versions before 20.4R3-S9,<br /> * All versions of 21.2,<br /> * from 21.4 before 21.4R3-S5,<br /> * from 22.1 before 22.1R3-S5,<br /> * from 22.2 before 22.2R3-S3,<br /> * from 22.3 before 22.3R3-S2,<br /> * from 22.4 before 22.4R3,<br /> * from 23.2 before 23.2R2;<br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> * All versions before 21.4R3-S5-EVO,<br /> * from 22.1-EVO before 22.1R3-S5-EVO, <br /> * from 22.2-EVO before 22.2R3-S3-EVO, <br /> * from 22.3-EVO before 22.3R3-S2-EVO, <br /> * from 22.4-EVO before 22.4R3-EVO, <br /> * from 23.2-EVO before 23.2R2-EVO.

An Improper Neutralization of Data within XPath Expressions (&amp;#39;XPath Injection&amp;#39;) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. <br /> <br /> While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user&amp;#39;s credentials. In the worst case, the attacker will have full control over the device.<br /> This issue affects Junos OS: <br /> <br /> <br /> <br /> * All versions before 21.2R3-S8, <br /> * from 21.4 before 21.4R3-S7,<br /> * from 22.2 before 22.2R3-S4,<br /> * from 22.3 before 22.3R3-S3,<br /> * from 22.4 before 22.4R3-S2,<br /> * from 23.2 before 23.2R2,<br /> * from 23.4 before 23.4R1-S1, 23.4R2.

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.<br /> <br /> The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH.<br /> <br /> Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.  See WORKAROUND section below.<br /> <br /> Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:<br /> <br />   &gt; show system processes | match sshd<br />   root   25219 30901 0 Jul16 ?       00:00:00 [sshd] <br /> <br /> This issue affects Juniper Networks Junos OS Evolved:<br /> * All versions prior to 21.4R3-S7-EVO<br /> * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;<br /> * 22.4-EVO versions prior to 22.4R3-EVO;<br /> * 23.2-EVO versions prior to 23.2R2-EVO.<br /> <br /> <br /> <br /> This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on <br /> <br /> SRX4600 and SRX5000 Series<br /> <br /> allows an attacker to send TCP packets with <br /> <br /> SYN/FIN or SYN/RST<br /> <br /> flags, bypassing the expected blocking of these packets.<br /> <br /> A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network.<br /> <br /> This issue affects Junos OS on SRX4600 and SRX5000 Series: <br /> <br /> <br /> * All versions before 21.2R3-S8, <br /> * from 21.4 before 21.4R3-S7, <br /> * from 22.1 before 22.1R3-S6, <br /> * from 22.2 before 22.2R3-S4, <br /> * from 22.3 before 22.3R3-S3, <br /> * from 22.4 before 22.4R3-S2, <br /> * from 23.2 before 23.2R2, <br /> * from 23.4 before 23.4R1-S1, 23.4R2.

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS).  The receipt of this packet must occur within a specific timing window outside the attacker&amp;#39;s control (i.e., race condition).<br /> <br /> Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue only affects dual RE systems with Nonstop Active Routing (NSR) enabled.<br /> Exploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication).<br /> <br /> This issue affects Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 21.2R3-S8-EVO, <br /> * from 21.4-EVO before 21.4R3-S6-EVO, <br /> * from 22.1-EVO before 22.1R3-S4-EVO, <br /> * from 22.2-EVO before 22.2R3-S4-EVO, <br /> * from 22.3-EVO before 22.3R3-S3-EVO, <br /> * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO.

An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.<br /> <br /> This issue affects:<br /> <br /> Junos OS: <br /> <br /> <br /> * All versions before 20.4R3-S10, <br /> * from 21.2 before 21.2R3-S7, <br /> * from 21.4 before 21.4R3-S6, <br /> * from 22.1 before 22.1R3-S5, <br /> * from 22.2 before 22.2R3-S3, <br /> * from 22.3 before 22.3R3, <br /> * from 22.4 before 22.4R2; <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> * All versions before 20.4R3-S10 -EVO,<br /> * All versions of 21.2-EVO,<br /> * from 21.4-EVO before 21.4R3-S9-EVO,<br /> * from 22.1-EVO before 22.1R3-S5-EVO,<br /> * from 22.2-EVO before 22.2R3-S3-EVO,<br /> * from 22.3-EVO before 22.3R3-EVO,<br /> * from 22.4-EVO before 22.4R2-EVO.

An Uncontrolled Resource Consumption vulnerability in the <br /> <br /> Layer 2 Address Learning Daemon (l2ald)<br /> <br /> of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).<br /> <br /> Certain MAC table updates cause a small amount of memory to leak.  Once memory utilization reaches its limit, the issue will result in a system crash and restart.<br /> <br /> To identify the issue, execute the CLI command:<br /> <br /> user@device&gt; show platform application-info allocations app l2ald-agent<br /> EVL Object Allocation Statistics:<br /> <br /> Node   Application     Context Name                               Live   Allocs   Fails     Guids<br /> re0   l2ald-agent               net::juniper::rtnh::L2Rtinfo       1069096 1069302   0         1069302<br /> re0   l2ald-agent               net::juniper::rtnh::NHOpaqueTlv     114     195       0         195<br /> <br /> <br /> <br /> This issue affects Junos OS Evolved: <br /> <br /> <br /> * All versions before 21.4R3-S8-EVO,<br /> <br /> * from 22.2-EVO before 22.2R3-S4-EVO, <br /> * from 22.3-EVO before 22.3R3-S3-EVO, <br /> * from 22.4-EVO before 22.4R3-EVO, <br /> * from 23.2-EVO before 23.2R2-EVO.

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.<br /> <br /> By exploiting the &amp;#39;set security certificates&amp;#39; command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user&amp;#39;s command interpreter, or potentially trigger a stack-based buffer overflow.<br /> <br /> <br /> This issue affects:<br /> <br />  Junos OS: <br /> <br /> <br /> * All versions before 21.4R3-S7, <br /> * from 22.1 before 22.1R3-S6, <br /> * from 22.2 before 22.2R3-S4, <br /> * from 22.3 before 22.3R3-S3, <br /> * from 22.4 before 22.4R3-S2, <br /> * from 23.2 before 23.2R2, <br /> * from 23.4 before 23.4R1-S1, 23.4R2; <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> * All versions before 21.4R3-S7-EVO, <br /> * from 22.1-EVO before 22.1R3-S6-EVO, <br /> * from 22.2-EVO before 22.2R3-S4-EVO, <br /> * from 22.3-EVO before 22.3R3-S3-EVO, <br /> * from 22.4-EVO before 22.4R3-S2-EVO, <br /> * from 23.2-EVO before 23.2R2-EVO, <br /> * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).<br /> <br /> In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.<br /> <br /> This issue affects both IPv4 and IPv6 implementations.<br /> This issue affects<br /> Junos OS:<br /> All versions earlier than 21.4R3-S7;<br /> 22.1 versions earlier than 22.1R3-S5;<br /> 22.2 versions earlier than 22.2R3-S3;<br /> 22.3 versions earlier than 22.3R3-S3;<br /> 22.4 versions earlier than 22.4R3-S2;<br /> 23.2 versions earlier than 23.2R2;<br /> 23.4 versions earlier than 23.4R1-S1.<br /> <br /> Junos OS Evolved:<br /> All versions earlier than 21.4R3-S7-EVO;<br /> 22.1-EVO versions earlier than 22.1R3-S5-EVO;<br /> 22.2-EVO versions earlier than 22.2R3-S3-EVO;<br /> 22.3-EVO versions earlier than 22.3R3-S3-EVO;<br /> 22.4-EVO versions earlier than 22.4R3-S2-EVO;<br /> 23.2-EVO versions earlier than 23.2R2-EVO;<br /> 23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.