In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between January 12-13, 2024.
During this period, The National Vulnerability Database published 129, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 10
High: 25
Medium: 45
Low: 7
Severity Not Assigned: 42
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-21589
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description:
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information.
A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data.
Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue.
This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0.
This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.
References: https://supportportal.juniper.net/JSA75727
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-21591
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description:
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.
This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.
This issue affects Juniper Networks Junos OS SRX Series and EX Series:
* Junos OS versions earlier than 20.4R3-S9;
* Junos OS 21.2 versions earlier than 21.2R3-S7;
* Junos OS 21.3 versions earlier than 21.3R3-S5;
* Junos OS 21.4 versions earlier than 21.4R3-S5;
* Junos OS 22.1 versions earlier than 22.1R3-S4;
* Junos OS 22.2 versions earlier than 22.2R3-S3;
* Junos OS 22.3 versions earlier than 22.3R3-S2;
* Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.
References: https://supportportal.juniper.net/JSA75729
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-21595
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.
This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.
This issue affects:
Juniper Networks Junos OS
* 21.4R3 versions earlier than 21.4R3-S4;
* 22.1R3 versions earlier than 22.1R3-S3;
* 22.2R2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R2;
* 23.1 versions earlier than 23.1R2.
References: https://advisory.juniper.net/JSA75734
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-1286
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-21602
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS.
This issue does not happen with IPv6 packets.
This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:
* 21.4-EVO versions earlier than 21.4R3-S6-EVO;
* 22.1-EVO versions earlier than 22.1R3-S5-EVO;
* 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.
References: https://supportportal.juniper.net/JSA75743
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-21604
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.
The following log messages can be seen when this issue occurs:
kernel: nf_conntrack: nf_conntrack: table full, dropping packet
This issue affects Juniper Networks Junos OS Evolved:
* All versions earlier than 20.4R3-S7-EVO;
* 21.2R1-EVO and later versions;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S2-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO;
* 22.4-EVO versions earlier than 22.4R2-EVO.
References: https://supportportal.juniper.net/JSA75745
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-21606
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions earlier than 20.4R3-S8;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3.
References: https://supportportal.juniper.net/JSA75747
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-21611
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.
Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
user@host> show task memory detail | match so_in
so_in6 28 32 344450 11022400 344760 11032320
so_in 8 16 1841629 29466064 1841734 29467744
This issue affects:
Junos OS
* 21.4 versions earlier than 21.4R3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Junos OS Evolved
* 21.4-EVO versions earlier than 21.4R3-EVO;
* 22.1-EVO versions earlier than 22.1R3-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO.
This issue does not affect:
Juniper Networks Junos OS versions earlier than 21.4R1.
Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
References: https://supportportal.juniper.net/JSA75752
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE-ID: CWE-401
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-21612
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS Evolved
* All versions earlier than 21.2R3-S7-EVO;
* 21.3 versions earlier than 21.3R3-S5-EVO ;
* 21.4 versions earlier than 21.4R3-S5-EVO;
* 22.1 versions earlier than 22.1R3-S4-EVO;
* 22.2 versions earlier than 22.2R3-S3-EVO ;
* 22.3 versions earlier than 22.3R3-EVO;
* 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.
References: https://supportportal.juniper.net/JSA75753
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-228
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-21614
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS
* 22.2 versions earlier than 22.2R2-S2, 22.2R3;
* 22.3 versions earlier than 22.3R2, 22.3R3.
Juniper Networks Junos OS Evolved
* 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.
This issue does not affect Juniper Networks:
Junos OS versions earlier than 22.2R1;
Junos OS Evolved versions earlier than 22.2R1-EVO.
References: https://supportportal.juniper.net/JSA75755
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-754
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-21616
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command.
user@srx> show security nat resource-usage source-pool
Pool name: source_pool_name
..
Address Factor-index Port-range Used Avail Total Usage
X.X.X.X
0 Single Ports 50258 52342 62464 96% <<<<<
- Alg Ports 0 2048 2048 0%
This issue affects:
Juniper Networks Junos OS on MX Series and SRX Series
* All versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
References: https://supportportal.juniper.net/JSA75757
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-1286
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-40250
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.
References: https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-6040
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
References: http://www.openwall.com/lists/oss-security/2024/01/12/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040
https://www.openwall.com/lists/oss-security/2024/01/12/1
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-34061
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
References: https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-31211
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
References: https://checkmk.com/werk/16227
CWE-ID: CWE-691
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-6735
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References: https://checkmk.com/werk/16273
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-6740
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References: https://checkmk.com/werk/16163
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-49568
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.
Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git cli.
References: https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-49569
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.
Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue.
This is a go-git implementation issue and does not affect the upstream git cli.
References: https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-4812
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/424398
https://hackerone.com/reports/2115574
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-5356
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/427154
https://hackerone.com/reports/2188868
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-7028
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.8
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/436084
https://hackerone.com/reports/2293343
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-31036
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5509
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-46805
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CWE-ID: CWE-287
Common Platform Enumerations (CPE): cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*
24. CVE-2024-21887
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CWE-ID: CWE-77
Common Platform Enumerations (CPE): cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*
25. CVE-2023-31024
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-31029
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-31030
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-31032
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-627
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-31035
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-22206
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
References: https://clerk.com/changelog/2024-01-12
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg
CWE-ID: CWE-284 CWE-287 CWE-639
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-42463
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.
References: https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-48297
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.
References: https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-51698
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
References: https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-49647
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-0474
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.
References: https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf
https://vuldb.com/?ctiid.250579
https://vuldb.com/?id.250579
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between January 12-13, 2024.
During this period, The National Vulnerability Database published 129, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 10
High: 25
Medium: 45
Low: 7
Severity Not Assigned: 42
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-21589
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description:
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information.
A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data.
Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue.
This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0.
This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.
References: https://supportportal.juniper.net/JSA75727
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-21591
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description:
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.
This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.
This issue affects Juniper Networks Junos OS SRX Series and EX Series:
* Junos OS versions earlier than 20.4R3-S9;
* Junos OS 21.2 versions earlier than 21.2R3-S7;
* Junos OS 21.3 versions earlier than 21.3R3-S5;
* Junos OS 21.4 versions earlier than 21.4R3-S5;
* Junos OS 22.1 versions earlier than 22.1R3-S4;
* Junos OS 22.2 versions earlier than 22.2R3-S3;
* Junos OS 22.3 versions earlier than 22.3R3-S2;
* Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.
References: https://supportportal.juniper.net/JSA75729
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-21595
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.
This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.
This issue affects:
Juniper Networks Junos OS
* 21.4R3 versions earlier than 21.4R3-S4;
* 22.1R3 versions earlier than 22.1R3-S3;
* 22.2R2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R2;
* 23.1 versions earlier than 23.1R2.
References: https://advisory.juniper.net/JSA75734
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-1286
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-21602
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS.
This issue does not happen with IPv6 packets.
This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:
* 21.4-EVO versions earlier than 21.4R3-S6-EVO;
* 22.1-EVO versions earlier than 22.1R3-S5-EVO;
* 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.
References: https://supportportal.juniper.net/JSA75743
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-21604
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.
The following log messages can be seen when this issue occurs:
This issue affects Juniper Networks Junos OS Evolved:
* All versions earlier than 20.4R3-S7-EVO;
* 21.2R1-EVO and later versions;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S2-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO;
* 22.4-EVO versions earlier than 22.4R2-EVO.
References: https://supportportal.juniper.net/JSA75745
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-21606
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions earlier than 20.4R3-S8;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3.
References: https://supportportal.juniper.net/JSA75747
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-21611
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.
Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
user@host> show task memory detail | match so_in
so_in6 28 32 344450 11022400 344760 11032320
so_in 8 16 1841629 29466064 1841734 29467744
This issue affects:
Junos OS
* 21.4 versions earlier than 21.4R3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Junos OS Evolved
* 21.4-EVO versions earlier than 21.4R3-EVO;
* 22.1-EVO versions earlier than 22.1R3-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO.
This issue does not affect:
Juniper Networks Junos OS versions earlier than 21.4R1.
Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
References: https://supportportal.juniper.net/JSA75752
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE-ID: CWE-401
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-21612
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS Evolved
* All versions earlier than 21.2R3-S7-EVO;
* 21.3 versions earlier than 21.3R3-S5-EVO ;
* 21.4 versions earlier than 21.4R3-S5-EVO;
* 22.1 versions earlier than 22.1R3-S4-EVO;
* 22.2 versions earlier than 22.2R3-S3-EVO ;
* 22.3 versions earlier than 22.3R3-EVO;
* 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.
References: https://supportportal.juniper.net/JSA75753
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-228
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-21614
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS
* 22.2 versions earlier than 22.2R2-S2, 22.2R3;
* 22.3 versions earlier than 22.3R2, 22.3R3.
Juniper Networks Junos OS Evolved
* 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.
This issue does not affect Juniper Networks:
Junos OS versions earlier than 22.2R1;
Junos OS Evolved versions earlier than 22.2R1-EVO.
References: https://supportportal.juniper.net/JSA75755
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-754
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-21616
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command.
user@srx> show security nat resource-usage source-pool
Pool name: source_pool_name
..
Address Factor-index Port-range Used Avail Total Usage
X.X.X.X
0 Single Ports 50258 52342 62464 96% <<<<<
- Alg Ports 0 2048 2048 0%
This issue affects:
Juniper Networks Junos OS on MX Series and SRX Series
* All versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
References: https://supportportal.juniper.net/JSA75757
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE-ID: CWE-1286
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-40250
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.
References: https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-6040
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
References: http://www.openwall.com/lists/oss-security/2024/01/12/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040
https://www.openwall.com/lists/oss-security/2024/01/12/1
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-34061
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
References: https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-31211
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
References: https://checkmk.com/werk/16227
CWE-ID: CWE-691
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-6735
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References: https://checkmk.com/werk/16273
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-6740
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
References: https://checkmk.com/werk/16163
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-49568
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.
Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git cli.
References: https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-49569
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.
Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue.
This is a go-git implementation issue and does not affect the upstream git cli.
References: https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-4812
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/424398
https://hackerone.com/reports/2115574
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-5356
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/427154
https://hackerone.com/reports/2188868
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-7028
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.8
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/436084
https://hackerone.com/reports/2293343
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-31036
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5509
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-46805
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CWE-ID: CWE-287
Common Platform Enumerations (CPE): cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*
24. CVE-2024-21887
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CWE-ID: CWE-77
Common Platform Enumerations (CPE): cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*
25. CVE-2023-31024
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-31029
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-31030
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-31032
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-627
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-31035
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
References: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-22206
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
References: https://clerk.com/changelog/2024-01-12
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg
CWE-ID: CWE-284 CWE-287 CWE-639
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-42463
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.
References: https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-48297
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.
References: https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-51698
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
References: https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-49647
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-0474
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.
References: https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf
https://vuldb.com/?ctiid.250579
https://vuldb.com/?id.250579
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found