CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39529 – Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash
https://notcve.org/view.php?id=CVE-2024-39529
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. • https://supportportal.juniper.net/JSA82988 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2024-39528 – Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash
https://notcve.org/view.php?id=CVE-2024-39528
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S5-EVO, * 22.2-EVO versions before 22.2R3-S3-EVO, * 22.3-EVO versions before 22.3R3-S2-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO. • https://supportportal.juniper.net/JSA82987 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39519 – Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario
https://notcve.org/view.php?id=CVE-2024-39519
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. • https://supportportal.juniper.net/JSA82983 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39317 – Wagtail regular expression denial-of-service via search query parsing
https://notcve.org/view.php?id=CVE-2024-39317
When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. • https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2 https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797 https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2 https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28872 – Incorrect TLS certificate validation can lead to escalated privileges
https://notcve.org/view.php?id=CVE-2024-28872
Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. • https://kb.isc.org/docs/cve-2024-28872 • CWE-295: Improper Certificate Validation •