CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0057 – NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.
https://notcve.org/view.php?id=CVE-2019-0057
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5. Una debilidad de autorización inapropiada en Juniper Networks Junos OS, permite a un atacante autenticado local omitir los controles de seguridad regulares para acceder a la aplicación Junos Device Manager (JDM) y tomar el control del sistema. Este problema afecta a: Juniper Networks Junos OS versiones anteriores a 18.2R1, 18.2X75-D5. • https://kb.juniper.net/JSA10955 •
CVSS: 7.8EPSS: 0%CPEs: 193EXPL: 2CVE-2019-0053 – Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-0053
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. • https://github.com/dreamsmasher/inetutils-CVE-2019-0053-Patched-PKGBUILD http://packetstormsecurity.com/files/153746/FreeBSD-Security-Advisory-FreeBSD-SA-19-12.telnet.html https://kb.juniper.net/JSA10947 https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html https://seclists.org/bugtraq/2019/Jul/45 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc https://www.exploit-db.com/exploits/45982 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 4CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: 109EXPL: 0CVE-2019-0036 – Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored
https://notcve.org/view.php?id=CVE-2019-0036
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2. Cuando se configura un filtro de cortafuegos sin estado en Junos OS, los términos nombrados con el formato "internal-n" (por ejemplo, "internal-1", "internal-2", etc.) se ignoran en silencio. • https://kb.juniper.net/JSA10925 • CWE-284: Improper Access Control CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2300
https://notcve.org/view.php?id=CVE-2017-2300
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. En los clústeres de tipo chassis de dispositivos Juniper Networks SRX Series Services Gateways que ejecutan el sistema operativo versiones: Junos 12.1X46 anterior a 12.1X46-D65, 12.3X48 anterior a 12.3X48-D40 y12.3X48 anterior a 12.3X48-D60, el demonio flowd en el nodo principal del clúster, puede bloquearse y reiniciarse al intentar sincronizar una sesión multicast creada mediante paquetes multicast especialmente diseñados. • http://www.securityfocus.com/bid/95400 http://www.securitytracker.com/id/1037597 https://kb.juniper.net/JSA10768 •