admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-25 23:00:36 +00:00
parent 83e1e07df0
commit f65d2956da
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
25 changed files with 950 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
2023/36xxx/CVE-2023-36851.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0part of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n"
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of \n\nintegrity\u00a0or confidentiality, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * \n\n21.2 versions prior to 21.2R3-S8;\n * 21.4 \n\nversions prior to \n\n21.4R3-S6;\n * 22.1 \n\nversions prior to \n\n22.1R3-S5;\n * 22.2 \n\nversions prior to \n\n22.2R3-S3;\n * 22.3 \n\nversions prior to \n\n22.3R3-S2;\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S2,\u00a023.2R2.\n\n\n"
}
]
},
@ -41,13 +41,38 @@
"version_data": [
{
"version_affected": "<",
"version_name": "22.4R1",
"version_name": "21.2",
"version_value": "21.2R3-S8"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S6"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R3-S5"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S3"
},
{
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R3-S2"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R2-S2, 22.4R3"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2"
"version_value": "23.2R1-S2, 23.2R2"
}
]
}
@ -123,16 +148,16 @@
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:&nbsp;22.4R2-S2*,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">22.4R3*,&nbsp;23.2R2*,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">23.4R1*,</span></span>&nbsp;and all subsequent releases.<br>*Pending Publication<br>"
"value": "The following software releases have been updated to resolve this specific issue:&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S8*, <span style=\"background-color: rgb(255, 255, 255);\">21.4R3-S6*, <span style=\"background-color: rgb(255, 255, 255);\">22.1R3-S5*</span>, <span style=\"background-color: rgb(255, 255, 255);\">22.2R3-S3*, <span style=\"background-color: rgb(255, 255, 255);\">22.3R3-S2*, </span></span></span></span><span style=\"background-color: rgb(255, 255, 255);\">22.4R2-S2, </span><span style=\"background-color: rgb(255, 255, 255);\">22.4R3*, </span><span style=\"background-color: rgb(255, 255, 255);\">23.2R1-S2, </span><span style=\"background-color: rgb(255, 255, 255);\">23.2R2*, </span><span style=\"background-color: rgb(255, 255, 255);\">23.4R1</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">,</span></span>&nbsp;and all subsequent releases.<br>*Pending Publication<br>"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a022.4R2-S2*,\u00a022.4R3*,\u00a023.2R2*,\u00a023.4R1*,\u00a0and all subsequent releases.\n*Pending Publication\n"
"value": "The following software releases have been updated to resolve this specific issue:\u00a021.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1,\u00a0and all subsequent releases.\n*Pending Publication\n"
}
],
"credits": [
{
"lang": "en",
"value": "watchtowr"
"value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability."
}
],
"impact": {

10
2023/4xxx/CVE-2023-4001.json
View File

@ -205,17 +205,17 @@
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]

13
2024/0xxx/CVE-2024-0646.json
View File

@ -134,19 +134,6 @@
}
]
}
},
{
"product_name": "Red Hat Virtualization 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
}
]
}

95
2024/0xxx/CVE-2024-0889.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Kmint21 Golden FTP Server 2.02b gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente PASV Command Handler. Durch das Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kmint21",
"product": {
"product_data": [
{
"product_name": "Golden FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.02b"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252041",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252041"
},
{
"url": "https://vuldb.com/?ctiid.252041",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252041"
},
{
"url": "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "fernando.mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}

95
2024/0xxx/CVE-2024-0890.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in hongmaple octopus 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /system/dept/edit. Durch Beeinflussen des Arguments ancestors mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hongmaple",
"product": {
"product_data": [
{
"product_name": "octopus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252042",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252042"
},
{
"url": "https://vuldb.com/?ctiid.252042",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252042"
},
{
"url": "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md",
"refsource": "MISC",
"name": "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "biantaibao (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

95
2024/0xxx/CVE-2024-0891.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043."
},
{
"lang": "deu",
"value": "In hongmaple octopus 1.0 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion. Dank der Manipulation des Arguments description mit der Eingabe <script>alert(document.cookie)</script> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hongmaple",
"product": {
"product_data": [
{
"product_name": "octopus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252043",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252043"
},
{
"url": "https://vuldb.com/?ctiid.252043",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252043"
},
{
"url": "https://github.com/biantaibao/octopus_XSS/blob/main/report.md",
"refsource": "MISC",
"name": "https://github.com/biantaibao/octopus_XSS/blob/main/report.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "biantaibao (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

18
2024/0xxx/CVE-2024-0914.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/0xxx/CVE-2024-0915.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

176
2024/21xxx/CVE-2024-21619.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21619",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.\n\nWhen a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "20.4R3-S9"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S7"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S5"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S6"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R3-S5"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S3"
},
{
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R3-S2"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R1-S2, 23.2R2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA76390",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA76390"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-av217"
},
"source": {
"defect": [
"1763260"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Disable J-Web, or limit access to only trusted hosts.</p>"
}
],
"value": "Disable J-Web, or limit access to only trusted hosts.\n\n"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following software releases have been updated to resolve this specific issue: 20.4R3-S9, 21.2R3-S7*, 21.3R3-S5, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1, and all subsequent releases.</p><p>*Pending Publication</p>"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S9, 21.2R3-S7*, 21.3R3-S5, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1, and all subsequent releases.\n\n*Pending Publication\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

167
2024/21xxx/CVE-2024-21620.json
View File

@ -1,17 +1,176 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21620",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.\n\nA specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S10;\n * 21.2 versions earlier than 21.2R3-S8;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3-S1;\n * 23.2 versions earlier than 23.2R2;\n * 23.4 versions earlier than 23.4R2.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "20.4R3-S10"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S8"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S6"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R3-S5"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3-S3"
},
{
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R3-S2"
},
{
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R3-S1"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2"
},
{
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA76390",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA76390"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-av217"
},
"source": {
"defect": [
"1779376"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Disable J-Web, or limit access to only trusted hosts and users.</p>"
}
],
"value": "Disable J-Web, or limit access to only trusted hosts and users.\n\n"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following software releases have been updated to resolve this specific issue: 20.4R3-S10*, 21.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R3-S1*, 23.2R2*, 23.4R2*, 24.2R1*, and all subsequent releases.</p><p>* Pending Publication</p>"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10*, 21.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R3-S1*, 23.2R2*, 23.4R2*, 24.2R1*, and all subsequent releases.\n\n* Pending Publication\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/24xxx/CVE-2024-24585.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24586.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24587.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24587",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24588.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24589.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24590.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24591.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24592.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24593.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24594.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24595.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24596.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24597.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24598.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/24xxx/CVE-2024-24599.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}