Page 7 of 33 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 115EXPL: 0

CVE-2018-0024 – Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root

https://notcve.org/view.php?id=CVE-2018-0024

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series. Una vulnerabilidad de gestión incorrecta de privilegios en una sesión shell de Juniper Networks Junos OS permite que un atacante autenticado sin privilegios obtenga el control total del sistema. Las versiones afectadas son Juniper Networks Junos OS: 12.1X46 en versiones anteriores a la 12.1X46-D45 en SRX Series; 12.3X48 en versiones anteriores a la 12.3X48-D20 en SRX Series; 12.3 en versiones anteriores a la 12.3R11 en EX Series; 14.1X53 en versiones anteriores a la 14.1X53-D30 en EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100 y 15.1X49 en versiones anteriores a la 15.1X49-D20 en SRX Series. • http://www.securityfocus.com/bid/104718 http://www.securitytracker.com/id/1041314 https://kb.juniper.net/JSA10857 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 78EXPL: 0

CVE-2018-0005 – Security Bulletin: Junos OS: MAC move limit configured to drop traffic may forward traffic.

https://notcve.org/view.php?id=CVE-2018-0005

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. Los switches de las series QFX y EX configurados para volcar el tráfico cuando se excede el límite de movimiento de MAC redireccionan tráfico en vez de volcarlo. Esto puede provocar denegaciones de servicio (DoS) u otras condiciones no esperadas. • http://www.securitytracker.com/id/1040182 https://kb.juniper.net/JSA10833 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.0EPSS: 4%CPEs: 460EXPL: 3

CVE-2014-9708 – Appweb Web Server Denial Of Service

https://notcve.org/view.php?id=CVE-2014-9708

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerability. • http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Apr/19 http://seclists.org/fulldisclosure/2015/Mar/158 http://www.openwall.com/lists/oss-security/2015/03/28/2 http://www.openwall.com/lists/oss-security/2015/04/06/2 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/archive/1/535028/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/5 • CWE-476: NULL Pointer Dereference •