CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 9CVE-2019-11358 – jQuery 3.3.1 - Prototype Pollution & XSS Exploit
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 62EXPL: 0CVE-2019-0044 – Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface
https://notcve.org/view.php?id=CVE-2019-0044
10 Apr 2019 — Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160. La recepción de un paquete específico en la i... • http://www.securityfocus.com/bid/107872 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 344EXPL: 0CVE-2019-0043 – Junos OS: RPD process crashes upon receipt of a specific SNMP packet
https://notcve.org/view.php?id=CVE-2019-0043
10 Apr 2019 — In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior... • https://kb.juniper.net/JSA10935 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 109EXPL: 0CVE-2019-0036 – Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored
https://notcve.org/view.php?id=CVE-2019-0036
10 Apr 2019 — When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-... • https://kb.juniper.net/JSA10925 • CWE-284: Improper Access Control CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-0033 – SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured.
https://notcve.org/view.php?id=CVE-2019-0033
10 Apr 2019 — A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series. Una vulnerabilidad de omisión del firewall en el servici... • http://www.securityfocus.com/bid/107882 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 164EXPL: 0CVE-2019-0003 – Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core.
https://notcve.org/view.php?id=CVE-2019-0003
15 Jan 2019 — When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1... • http://www.securityfocus.com/bid/106544 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 78EXPL: 0CVE-2019-0010 – Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service
https://notcve.org/view.php?id=CVE-2019-0010
15 Jan 2019 — An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%. all_logs.0:Jun 8 03... • http://www.securityfocus.com/bid/106535 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 147EXPL: 0CVE-2019-0012 – Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message
https://notcve.org/view.php?id=CVE-2019-0012
15 Jan 2019 — A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: ... • http://www.securityfocus.com/bid/106536 •
CVSS: 7.5EPSS: 0%CPEs: 103EXPL: 0CVE-2019-0013 – Junos OS: RPD crash upon receipt of malformed PIM packet
https://notcve.org/view.php?id=CVE-2019-0013
15 Jan 2019 — The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1X49 versions... • http://www.securityfocus.com/bid/106519 • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 0%CPEs: 95EXPL: 0CVE-2019-0015 – Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot
https://notcve.org/view.php?id=CVE-2019-0015
15 Jan 2019 — A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.... • http://www.securityfocus.com/bid/106668 • CWE-613: Insufficient Session Expiration •