Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/04/GHSA-chjj-m6f7-j5g6/GHSA-chjj-m6f7-j5g6.json

@@ -1,16 +1,20 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-chjj-m6f7-j5g6",
-  "modified": "2024-05-16T21:31:56Z",
+  "modified": "2026-01-23T18:31:21Z",
   "published": "2024-04-12T15:37:21Z",
   "aliases": [
     "CVE-2024-21593"
   ],
-  "details": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\n \nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\n\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\n22.3 versions from 22.3R3 earlier than 22.3R3-S1\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\n23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n",
+  "details": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\n \nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\n\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\n22.3 versions from 22.3R3 earlier than 22.3R3-S1\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\n23.2 versions earlier than 23.2R1-S1, 23.2R2.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],

advisories/unreviewed/2024/04/GHSA-fwcw-wmg8-r4vq/GHSA-fwcw-wmg8-r4vq.json

@@ -1,16 +1,20 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwcw-wmg8-r4vq",
-  "modified": "2024-05-16T21:31:57Z",
+  "modified": "2026-01-23T18:31:21Z",
   "published": "2024-04-12T18:33:26Z",
   "aliases": [
     "CVE-2024-30388"
   ],
-  "details": "An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.\nThis issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:\n\n\n\n  *  20.4 versions from \n\n20.4R3-S4\n\nbefore 20.4R3-S8,\n  *  21.2 versions from \n\n21.2R3-S2\n\nbefore 21.2R3-S6,\n  *  21.4 versions from \n\n21.4R2\n\nbefore 21.4R3-S4,\n\n  *  22.1 versions from\n\n22.1R2\n\n before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R2-S2, 22.3R3,\n  *  22.4 versions before 22.4R2-S1, 22.4R3.\n\n\n\n\n",
+  "details": "An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.\nThis issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:\n\n\n\n  *  20.4 versions from \n\n20.4R3-S4\n\nbefore 20.4R3-S8,\n  *  21.2 versions from \n\n21.2R3-S2\n\nbefore 21.2R3-S6,\n  *  21.4 versions from \n\n21.4R2\n\nbefore 21.4R3-S4,\n\n  *  22.1 versions from\n\n22.1R2\n\n before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R2-S2, 22.3R3,\n  *  22.4 versions before 22.4R2-S1, 22.4R3.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],

advisories/unreviewed/2024/04/GHSA-jqhc-3v3m-gjx4/GHSA-jqhc-3v3m-gjx4.json

@@ -1,16 +1,20 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jqhc-3v3m-gjx4",
-  "modified": "2024-05-16T21:31:57Z",
+  "modified": "2026-01-23T18:31:21Z",
   "published": "2024-04-12T18:33:27Z",
   "aliases": [
     "CVE-2024-30392"
   ],
-  "details": "A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n\n  *  all versions before 21.2R3-S6,\n\n  *  from 21.3 before 21.3R3-S5,\n\n  *  from 21.4 before 21.4R3-S5,\n\n  *  from 22.1 before 22.1R3-S3,\n\n  *  from 22.2 before 22.2R3-S1,\n\n  *  from 22.3 before 22.3R2-S2, 22.3R3,\n\n  *  from 22.4 before 22.4R2-S1, 22.4R3.\n\n\n\n\n\n",
+  "details": "A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n\n  *  all versions before 21.2R3-S6,\n\n  *  from 21.3 before 21.3R3-S5,\n\n  *  from 21.4 before 21.4R3-S5,\n\n  *  from 22.1 before 22.1R3-S3,\n\n  *  from 22.2 before 22.2R3-S1,\n\n  *  from 22.3 before 22.3R2-S2, 22.3R3,\n\n  *  from 22.4 before 22.4R2-S1, 22.4R3.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],

advisories/unreviewed/2024/04/GHSA-pqmg-f829-g3ww/GHSA-pqmg-f829-g3ww.json

@@ -1,16 +1,20 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pqmg-f829-g3ww",
-  "modified": "2024-05-16T18:30:31Z",
+  "modified": "2026-01-23T18:31:21Z",
   "published": "2024-04-12T18:33:27Z",
   "aliases": [
     "CVE-2024-30401"
   ],
-  "details": "An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC.\n\nThrough code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow.\nThis issue affects Junos OS on MX Series and EX9200-15C:\n\n\n  *  from 21.2 before 21.2R3-S1, \n  *  from 21.4 before 21.4R3, \n  *  from 22.1 before 22.1R2, \n  *  from 22.2 before 22.2R2; \n\n\n\n\nThis issue does not affect:\n\n\n\n  *  versions of Junos OS prior to 20.3R1;\n  *  any version of Junos OS 20.4.\n\n\n",
+  "details": "An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC.\n\nThrough code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow.\nThis issue affects Junos OS on MX Series and EX9200-15C:\n\n\n  *  from 21.2 before 21.2R3-S1, \n  *  from 21.4 before 21.4R3, \n  *  from 22.1 before 22.1R2, \n  *  from 22.2 before 22.2R2; \n\n\n\n\nThis issue does not affect:\n\n\n\n  *  versions of Junos OS prior to 20.3R1;\n  *  any version of Junos OS 20.4.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],

advisories/unreviewed/2024/04/GHSA-vgc6-c45c-9998/GHSA-vgc6-c45c-9998.json

@@ -1,16 +1,20 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vgc6-c45c-9998",
-  "modified": "2024-05-16T21:31:56Z",
+  "modified": "2026-01-23T18:31:21Z",
   "published": "2024-04-12T15:37:22Z",
   "aliases": [
     "CVE-2024-30406"
   ],
-  "details": "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.\n\nThis issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. \n\nThis issue does not affect releases before 23.1R1-EVO.\n\n\n\n",
+  "details": "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.\n\nThis issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. \n\nThis issue does not affect releases before 23.1R1-EVO.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],

advisories/unreviewed/2024/10/GHSA-36p8-9jxx-p4v9/GHSA-36p8-9jxx-p4v9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36p8-9jxx-p4v9",
-  "modified": "2024-10-28T12:30:55Z",
+  "modified": "2026-01-23T18:31:22Z",
   "published": "2024-10-28T12:30:55Z",
   "aliases": [
     "CVE-2024-50498"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50498"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-50498"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve"

advisories/unreviewed/2024/10/GHSA-64x3-6qxr-php3/GHSA-64x3-6qxr-php3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-64x3-6qxr-php3",
-  "modified": "2024-10-26T03:30:43Z",
+  "modified": "2026-01-23T18:31:21Z",
   "published": "2024-10-26T03:30:43Z",
   "aliases": [
     "CVE-2024-9932"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9932"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-9932"
+    },
     {
       "type": "WEB",
       "url": "https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675"

advisories/unreviewed/2024/11/GHSA-2vcg-x9q7-3f22/GHSA-2vcg-x9q7-3f22.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2vcg-x9q7-3f22",
-  "modified": "2024-11-28T18:38:36Z",
+  "modified": "2026-01-23T18:31:22Z",
   "published": "2024-11-28T18:38:36Z",
   "aliases": [
     "CVE-2024-9669"

advisories/unreviewed/2024/11/GHSA-72rv-wmp8-fpjh/GHSA-72rv-wmp8-fpjh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-72rv-wmp8-fpjh",
-  "modified": "2024-11-04T15:31:58Z",
+  "modified": "2026-01-23T18:31:22Z",
   "published": "2024-11-04T15:31:58Z",
   "aliases": [
     "CVE-2024-50526"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50526"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-50526"
+    },
     {
       "type": "WEB",
       "url": "https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability-2?_s_id=cve"

advisories/unreviewed/2024/11/GHSA-9q6m-jvw2-h293/GHSA-9q6m-jvw2-h293.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-78"
+      "CWE-78",
+      "CWE-79"
     ],
     "severity": "HIGH",
     "github_reviewed": false,