admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-09 20:00:32 +00:00
parent f8c4bc72b6
commit b21ddfe686
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 2288 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2024/55xxx/CVE-2024-55210.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/c4cnm/CVE-2024-55210/",
"url": "https://github.com/c4cnm/CVE-2024-55210/"
}
]
}

162
2025/21xxx/CVE-2025-21591.json
View File

@ -1,17 +1,171 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\n\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue affects Junos OS:\n\n\n\n * from 23.1R1 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R2.\n\n\nThis issue isn't applicable to any versions of Junos OS before 23.1R1. \n\n\n\nThis issue doesn't affect vSRX Series which doesn't support DHCP Snooping. \n\nThis issue doesn't affect Junos OS Evolved.\n\nThere are no indicators of compromise for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-805: Buffer Access with Incorrect Length Value",
"cweId": "CWE-805"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.1R1",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.1R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96448",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96448"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96448",
"defect": [
"1827395"
],
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with&nbsp;<span style=\"background-color: var(--wht);\">the mine-dhcp-client-options and/or mine-dhcpv6-client-options.</span><p><span style=\"background-color: var(--wht);\">&nbsp; [ vlans &lt;vlan-name&gt; forwarding-options dhcp-security </span>mine-dhcp-client-options ]<br>&nbsp; [ mine-dhcpv6-client-options ]<br></p><p>Please note: It is atypical to use the above configuration with a DHCP server on the same device.</p>"
}
],
"value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u00a0the mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u00a0 [ vlans <vlan-name> forwarding-options dhcp-security mine-dhcp-client-options ]\n\u00a0 [ mine-dhcpv6-client-options ]\n\n\nPlease note: It is atypical to use the above configuration with a DHCP server on the same device."
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.<br><br><br>"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

192
2025/21xxx/CVE-2025-21594.json
View File

@ -1,17 +1,201 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\n\nIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u00a0prefix-length is set to 56,\u00a0the ports assigned to the user will not be freed.\u00a0 Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.\nFollowing is the command to identify the issue:\u00a0\n\n\n\u00a0 \u00a0 user@host> show services nat source port-block\u00a0\n\u2003\u2003\u2003\u2003Host_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 External_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port_Block\u00a0 \u00a0 \u00a0 Ports_Used/ \u00a0 \u00a0 \u00a0 Block_State/\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Range \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Ports_Total \u00a0 \u00a0 \u00a0 Left_Time(s)\n\u2003\u2003\u2003\u20032001::\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 x.x.x.x\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a058880-59391\u00a0 \u00a0 \u00a0256/256*1\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Active/- \u00a0 \u00a0 \u00a0 >>>>>>>>port still usedThis issue affects Junos OS on MX Series:\u00a0\n\n * from 21.2 before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S6,\u00a0\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nThis issue does not affect versions before 20.2R1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"cweId": "CWE-754"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "20.2R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96449",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96449"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96449",
"defect": [
"1785403"
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only occurs when below config is enabled:<br><br><tt>[ set services service-set &lt;*&gt; softwire-options dslite-ipv6-prefix-length 56]<br></tt><br><br>"
}
],
"value": "This issue only occurs when below config is enabled:\n\n[ set services service-set <*> softwire-options dslite-ipv6-prefix-length 56]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Modify the IPv6 prefix-length to be 64/96/128 through the command:<br><tt><br>[ set services service-set &lt;*&gt; softwire-options dslite-ipv6-prefix-length 64/96/128]</tt>"
}
],
"value": "Modify the IPv6 prefix-length to be 64/96/128 through the command:\n\n[ set services service-set <*> softwire-options dslite-ipv6-prefix-length 64/96/128]"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: <br><br>Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

187
2025/21xxx/CVE-2025-21595.json
View File

@ -1,17 +1,196 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime\u00a0vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\n\nThis issue does not affect MX Series platforms.\nHeap size growth on FPC can be seen using below command.\n\n\nuser@host> show chassis fpc\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) CPU Utilization (%) Memory \u00a0 Utilization (%)\nSlot State \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (C) Total Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0 15min \u00a0 DRAM (MB) \u00a0 Heap \u00a0 Buffer\n\u00a0 0 Online \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 45 \u00a0 \u00a0 3 \u00a0 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a02 \u00a0 \u00a0 \u00a0 32768 \u00a0 \u00a0 \u00a019\u00a0 \u00a0 \u00a0 \u00a00\u2003<<<<<<< Heap increase in all fPCs\n\n\nThis issue affects Junos OS:\n\n * All versions before 21.2R3-S7,\n * 21.4 versions before 21.4R3-S4,\n * 22.2 versions before 22.2R3-S1,\u00a0\n * 22.3 versions before 22.3R3-S1,\u00a0\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\nand Junos OS Evolved:\n\n * All versions before 21.2R3-S7-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.2-EVO versions before 22.2R3-S1-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S1-EVO,\u00a0\n\n * 22.4-EVO versions before 22.4R3-EVO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S7"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S4"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S1"
},
{
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R3-S1"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R2-S2, 22.4R3"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S7-EVO"
},
{
"version_affected": "<",
"version_name": "21.4-EVO",
"version_value": "21.4R3-S4-EVO"
},
{
"version_affected": "<",
"version_name": "22.2-EVO",
"version_value": "22.2R3-S1-EVO"
},
{
"version_affected": "<",
"version_name": "22.3-EVO",
"version_value": "22.3R3-S1-EVO"
},
{
"version_affected": "<",
"version_name": "22.4-EVO",
"version_value": "22.4R3-EVO"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96450",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96450"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-av217"
},
"source": {
"advisory": "JSA96450",
"defect": [
"1731460"
],
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."
}
],
"value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following software releases have been updated to resolve this specific issue.</p><p>Junos OS: 21.2R3-S7, 21.4R3-S4, 22.2R3-S1, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.</p><p>Junos OS Evolved: 21.2R3-S7-EVO, 21.4R3-S4-EVO, 22.2R3-S1-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.</p>"
}
],
"value": "The following software releases have been updated to resolve this specific issue.\n\nJunos OS: 21.2R3-S7, 21.4R3-S4, 22.2R3-S1, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.4R3-S4-EVO, 22.2R3-S1-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

212
2025/21xxx/CVE-2025-21597.json
View File

@ -1,17 +1,221 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.\n\nThis issue affects:\nJunos OS:\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 21.2R3-S6-EVO,\n * 21.3-EVO versions before 21.3R3-S5-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.1-EVO versions before 22.1R3-S3-EVO,\n * 22.2-EVO versions before :22.2R3-S1-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"cweId": "CWE-754"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "20.4R3-S8"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S6"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S5"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S4"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R3-S3"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S1"
},
{
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R3"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S6-EVO"
},
{
"version_affected": "<",
"version_name": "21.3-EVO",
"version_value": "21.3R3-S5-EVO"
},
{
"version_affected": "<",
"version_name": "21.4-EVO",
"version_value": "21.4R3-S4-EVO"
},
{
"version_affected": "<",
"version_name": "22.1-EVO",
"version_value": "22.1R3-S3-EVO"
},
{
"version_affected": "<",
"version_name": "22.2-EVO",
"version_value": "22.2R3-S1-EVO"
},
{
"version_affected": "<",
"version_name": "22.3-EVO",
"version_value": "22.3R3-EVO"
},
{
"version_affected": "<",
"version_name": "22.4-EVO",
"version_value": "22.4R3-EVO"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kb.juniper.net/JSA96451",
"refsource": "MISC",
"name": "https://kb.juniper.net/JSA96451"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-av217"
},
"source": {
"advisory": "JSA96451",
"defect": [
"1732833"
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For this issue to occur, BGP rib-sharding and update-threading needs to be configured:<br><br><tt>[system processes routing bgp rib-sharding]<br>[<span style=\"background-color: rgb(255, 255, 255);\">system processes routing bgp update-threading</span>]</tt>"
}
],
"value": "For this issue to occur, BGP rib-sharding and update-threading needs to be configured:\n\n[system processes routing bgp rib-sharding]\n[system processes routing bgp update-threading]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following software releases have been updated to resolve this specific issue:</p><p>Junos OS: 20.4R3-S8,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R3, 23.2R1</span>, and all subsequent releases.</p><p>Junos OS Evolved: <span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO</span>, and all subsequent releases.</p>"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S8,\u00a021.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

165
2025/21xxx/CVE-2025-21601.json
View File

@ -1,17 +1,174 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u00a0Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u00a0unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. \n\nContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.\n\n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\n * from 22.2 before 22.2R3-S5,\n * from 22.4 before 22.4R3-S4,\n * from 23.2 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R1-S1, 24.2R2.\n\n\nAn indicator of compromise is to review the CPU % of the httpd process in the CLI:\ne.g.\n\u00a0\u00a0show system processes extensive | match httpd\u00a0 PID nobody \u00a0 \u00a0 \u00a0 52 \u00a0 0 \u00a0 20M\u00a0 \u00a0 191M select \u00a0 2 \u00a0 0:01 \u00a0 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "573 - Improper Following of Specification by Caller"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.4R3-S9"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S5"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S4"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2-S3"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R1-S1, 24.2R2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96452",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96452"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96452",
"defect": [
"1827265"
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following minimal configuration is necessary:</p><code>&nbsp; [ system services web-management ]</code>"
}
],
"value": "The following minimal configuration is necessary:\n\n\u00a0 [ system services web-management ]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.<br><br>To reduce the risk of exploitation use authentication when using web management services.<br>"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use authentication when using web management services."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.4R3-S4, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.4R3-S4, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"credits": [
{
"lang": "en",
"value": "Alexander Zielke with VegaSystems GmbH & Co. KG"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

113
2025/26xxx/CVE-2025-26888.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26888",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OnTheGoSystems",
"product": {
"product_data": [
{
"product_name": "WooCommerce Multilingual & Multicurrency",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.3.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.3.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/woocommerce-multilingual/vulnerability/wordpress-woocommerce-multilingual-multicurrency-plugin-5-3-8-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/woocommerce-multilingual/vulnerability/wordpress-woocommerce-multilingual-multicurrency-plugin-5-3-8-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WooCommerce Multilingual & Multicurrency plugin to the latest available version (at least 5.3.9)."
}
],
"value": "Update the WordPress WooCommerce Multilingual & Multicurrency plugin to the latest available version (at least 5.3.9)."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2025/26xxx/CVE-2025-26901.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Brizy",
"product": {
"product_data": [
{
"product_name": "Brizy Pro",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "2.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/brizy-pro/vulnerability/wordpress-brizy-pro-plugin-2-6-1-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/brizy-pro/vulnerability/wordpress-brizy-pro-plugin-2-6-1-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

85
2025/26xxx/CVE-2025-26902.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Brizy",
"product": {
"product_data": [
{
"product_name": "Brizy Pro",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "2.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/brizy-pro/vulnerability/wordpress-brizy-pro-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/brizy-pro/vulnerability/wordpress-brizy-pro-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

100
2025/2xxx/CVE-2025-2631.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ni.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NI",
"product": {
"product_data": [
{
"product_name": "LabVIEW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "22.3.4"
},
{
"version_affected": "<",
"version_name": "23.1.0",
"version_value": "23.3.5"
},
{
"version_affected": "<",
"version_name": "24.1.0",
"version_value": "24.3.2"
},
{
"version_affected": "<",
"version_name": "25.1.0",
"version_value": "25.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html",
"refsource": "MISC",
"name": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Michael Heinzl working with CISA"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

100
2025/2xxx/CVE-2025-2632.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ni.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NI",
"product": {
"product_data": [
{
"product_name": "LabVIEW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "22.3.4"
},
{
"version_affected": "<",
"version_name": "23.1.0",
"version_value": "23.3.5"
},
{
"version_affected": "<",
"version_name": "24.1.0",
"version_value": "24.3.2"
},
{
"version_affected": "<",
"version_name": "25.1.0",
"version_value": "25.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html",
"refsource": "MISC",
"name": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Michael Heinzl working with CISA"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

160
2025/30xxx/CVE-2025-30644.json
View File

@ -1,17 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nUnder a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.\nThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \n\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.4R3-S9"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S5"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S5"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2-S3"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96453",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96453"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96453",
"defect": [
"1818760"
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only occurs when DHCP forwarding-options Option 82 is enabled, as shown below:<br><br><tt>[vlans &lt;name&gt; forwarding-options dhcp-security option-82]</tt>"
}
],
"value": "This issue only occurs when DHCP forwarding-options Option 82 is enabled, as shown below:\n\n[vlans <name> forwarding-options dhcp-security option-82]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable&nbsp;dhcp-option82 if it is not required."
}
],
"value": "Disable\u00a0dhcp-option82 if it is not required."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.<br>"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

160
2025/30xxx/CVE-2025-30645.json
View File

@ -1,17 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30645",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u00a0 Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.\n\nOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.\n\nThis issue affects Junos OS on SRX Series: \n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S9"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S9"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S5"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S6"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96455",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96455"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96455",
"defect": [
"1779792"
],
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exploitation of this issue requires DS-Lite tunneling to be configured:<br><br><tt>[ services softwire softwire-concentrator ds-lite ...]</tt>"
}
],
"value": "Exploitation of this issue requires DS-Lite tunneling to be configured:\n\n[ services softwire softwire-concentrator ds-lite ...]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

202
2025/30xxx/CVE-2025-30646.json
View File

@ -1,17 +1,211 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30646",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u00a0 Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.\n\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S10-EVO,\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S6-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S4-EVO,\u00a0\n * from 24.2-EVO before 24.2R2-EVO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-195 Signed to Unsigned Conversion Error",
"cweId": "CWE-195"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S9"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S10"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S6"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S6"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2-S4"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.4R3-S10-EVO"
},
{
"version_affected": "<",
"version_name": "22.2-EVO",
"version_value": "22.2R3-S6-EVO"
},
{
"version_affected": "<",
"version_name": "22.4-EVO",
"version_value": "22.4R3-S6-EVO"
},
{
"version_affected": "<",
"version_name": "23.2-EVO",
"version_value": "23.2R2-S3-EVO"
},
{
"version_affected": "<",
"version_name": "23.4-EVO",
"version_value": "23.4R2-S4-EVO"
},
{
"version_affected": "<",
"version_name": "24.2-EVO",
"version_value": "24.2R2-EVO"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96456",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96456"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96456",
"defect": [
"1845098"
],
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only systems configured for LLDP with active telemetry subscriptions are vulnerable to this issue:<br><br><tt>[ protocols lldp ]</tt><br><br>and:<br><br><tt>[ system services extension-service request-response ]</tt>"
}
],
"value": "Only systems configured for LLDP with active telemetry subscriptions are vulnerable to this issue:\n\n[ protocols lldp ]\n\nand:\n\n[ system services extension-service request-response ]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:&nbsp;<br>Junos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.<br>Junos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.<br><br>"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

165
2025/30xxx/CVE-2025-30647.json
View File

@ -1,17 +1,174 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\n\nIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u00a0crash.\u00a0\n\u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host> show chassis fpc\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory \u00a0 \u2003\u2003Utilization (%)\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u00a0 \u00a0 \u00a0 \u00a0(C) \u2003\u2003\u00a0 Total\u00a0 \u00a0Interrupt \u00a0 \u00a0 1min\u00a0 \u00a05min\u00a0 15min \u2003 \u2003DRAM (MB) \u2003Heap \u00a0 Buffer\n\n\u00a0 \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032 Online\u00a0 \u00a0 \u00a0 \u00a0 \u00a036 \u00a0 \u2003\u2003\u2003 10 \u00a0 \u00a0 \u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 9 \u00a0 \u00a0 8 \u00a0 \u00a0 9 \u00a0 \u2003\u2003\u2003\u2003\u200332768 \u00a0 \u00a0 \u200326 \u00a0 \u00a0 \u00a0 \u00a0 0\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\nThis issue affects Junos OS on MX Series: \n * All versions before 21.2R3-S9\n * from 21.4 before 21.4R3-S10\n * from 22.2 before 22.2R3-S6\n * from 22.4 before 22.4R3-S5\n * from 23.2 before 23.2R2-S3\n * from 23.4 before 23.4R2-S3\n * from 24.2 before 24.2R2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S9"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S10"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S6"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S5"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2-S3"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96457",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96457"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96457",
"defect": [
"1827261"
],
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this vulnerability subscriber management needs to be enabled via:<br><br><tt>[system services subscriber-management enable]</tt><br>"
}
],
"value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: <br><br>Junos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

192
2025/30xxx/CVE-2025-30648.json
View File

@ -1,17 +1,201 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Input Validation vulnerability in the\u00a0Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).\n\nWhen a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which\u00a0will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS.\u00a0The DHCP process will restart automatically to recover the service.\n\nThis issue will occur when\u00a0dhcp-security is enabled.\u00a0\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0 * from 22.4 before 22.4R3-S6-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S4-EVO,\u00a0\n * from 24.2 before 24.2R2-EVO.\n\n\n\n\n."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2R3-S9"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S10"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S6"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S6"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2-S4"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S6-EVO"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-S3-EVO"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2-S4-EVO"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2-EVO"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA96458",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA96458"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA96458",
"defect": [
"1842682"
],
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is seen when dhcp-security is enabled:<br>&nbsp;<br><tt>[ vlans &lt;vlan-name&gt; forwarding-options dhcp-security ]</tt>"
}
],
"value": "This issue is seen when dhcp-security is enabled:\n\u00a0\n[ vlans <vlan-name> forwarding-options dhcp-security ]"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: <br><br>Junos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all&nbsp;subsequent releases.<br><br>Junos: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all\u00a0subsequent releases.\n\nJunos: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

18
2025/3xxx/CVE-2025-3479.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}