| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while invoking IOCTL calls to unmap the DMA buffers. |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Transient DOS while parsing probe response and assoc response frame. |
| Memory corruption while processing concurrent IOCTL calls. |
| Memory corruption while processing IOCTL call for getting group info. |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Information disclosure while deriving keys for a session for any Widevine use case. |
| Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Memory corruption while processing command in Glink linux. |
| Memory corruption when IOCTL call is invoked from user-space to read board data. |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. |
| Memory corruption during concurrent access to server info object due to unprotected critical field. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Transient DOS may occur while processing the country IE. |
| An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive.
Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S1, 24.2R2.
An indicator of compromise is to review the CPU % of the httpd process in the CLI:
e.g.
show system processes extensive | match httpd PID nobody 52 0 20M 191M select 2 0:01 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator |
| Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. |
| The question bank filter required additional sanitizing to prevent a reflected XSS risk. |
| The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet.
An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver. |
| File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on.
The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server. |