Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-47504 An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this.
network
low complexity
CWE-1287
7.5
7.5
2024-10-11 CVE-2024-47505 An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang.
network
low complexity
CWE-770
6.5
6.5
2024-10-11 CVE-2024-47506 A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart.
network
high complexity
CWE-833
5.9
5.9
2024-10-11 CVE-2024-47507 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this. This issue affects: Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.4 versions before 22.4R3;  Junos OS Evolved:  * All versions before 21.4R3-S7-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-EVO.
network
low complexity
 5.8
5.8
2024-10-11 CVE-2024-47508 An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang.
network
low complexity
CWE-770
6.5
6.5
2024-10-11 CVE-2024-47509 An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang.
network
low complexity
CWE-770
6.5
6.5
2024-10-11 CVE-2024-4089 Uncontrolled Search Path Element vulnerability in Lenovo Superfile
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
local
low complexity
lenovo CWE-427
7.8
7.8
2024-10-11 CVE-2024-4130 Uncontrolled Search Path Element vulnerability in Lenovo APP Store
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
local
low complexity
lenovo CWE-427
7.8
7.8
2024-10-11 CVE-2024-4131 Uncontrolled Search Path Element vulnerability in Lenovo Emulator
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
local
low complexity
lenovo CWE-427
7.8
7.8
2024-10-11 CVE-2024-4132 Uncontrolled Search Path Element vulnerability in Lenovo Lock Screen
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.
local
low complexity
lenovo CWE-427
7.8
7.8