Common Weakness Enumeration

CWE-1286

Allowed

Improper Validation of Syntactic Correctness of Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

150 vulnerabilities reference this CWE, most recent first.

CVE-2019-25720 (GCVE-0-2019-25720)

Vulnerability from cvelistv5 – Published: 2026-06-03 16:56 – Updated: 2026-06-03 17:44
VLAI
Title
Dräger SC Monitoring Devices DoS via Malformed Network Packet
Summary
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
Impacted products
Date Public
2019-11-21 00:00
Credits
Jeroen Slobbe and Max Grim
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25720",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T17:44:08.218138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T17:44:47.456Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SC 6002XL",
          "vendor": "Dr\u00e4ger",
          "versions": [
            {
              "status": "affected",
              "version": "SC 6002XL",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SC6802XL",
          "vendor": "Dr\u00e4ger",
          "versions": [
            {
              "status": "affected",
              "version": "SC6802XL",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SC 7000",
          "vendor": "Dr\u00e4ger",
          "versions": [
            {
              "status": "affected",
              "version": "SC 7000",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SC8000",
          "vendor": "Dr\u00e4ger",
          "versions": [
            {
              "status": "affected",
              "version": "SC8000",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SC90000 XL",
          "vendor": "Dr\u00e4ger",
          "versions": [
            {
              "status": "affected",
              "version": "SC90000 XL",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jeroen Slobbe and Max Grim"
        }
      ],
      "datePublic": "2019-11-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDr\u00e4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.\u003c/p\u003e"
            }
          ],
          "value": "Dr\u00e4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T16:56:29.683Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://static.draeger.com/security/download/2019-11-27-Draeger-SC7000-SC9000-security-advisory-update-v1-5.pdf"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/dr-ger-sc-monitoring-devices-dos-via-malformed-network-packet"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Dr\u00e4ger SC Monitoring Devices DoS via Malformed Network Packet"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25720",
    "datePublished": "2026-06-03T16:56:29.683Z",
    "dateReserved": "2026-06-02T14:22:01.500Z",
    "dateUpdated": "2026-06-03T17:44:47.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-2369-45JQ-XGC9

Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-05 15:30
VLAI
Details

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59785"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T16:16:25Z",
    "severity": "MODERATE"
  },
  "details": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\nThis vulnerability can only be exploited after authenticating with administrator privileges.",
  "id": "GHSA-2369-45jq-xgc9",
  "modified": "2026-03-05T15:30:35Z",
  "published": "2026-03-04T18:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59785"
    },
    {
      "type": "WEB",
      "url": "https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-26FH-VCWC-MCGV

Vulnerability from github – Published: 2026-04-16 21:31 – Updated: 2026-04-16 21:31
VLAI
Details

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T19:16:35Z",
    "severity": "HIGH"
  },
  "details": "Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.",
  "id": "GHSA-26fh-vcwc-mcgv",
  "modified": "2026-04-16T21:31:13Z",
  "published": "2026-04-16T21:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6442"
    },
    {
      "type": "WEB",
      "url": "https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response"
    },
    {
      "type": "WEB",
      "url": "https://www.promptarmor.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-288P-75Q5-6GJ7

Vulnerability from github – Published: 2024-09-10 06:30 – Updated: 2024-11-29 06:35
VLAI
Details

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T05:15:12Z",
    "severity": "MODERATE"
  },
  "details": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.",
  "id": "GHSA-288p-75q5-6gj7",
  "modified": "2024-11-29T06:35:28Z",
  "published": "2024-09-10T06:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6173"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/33/0c/c8/cve-2024-6173-en-US-448995.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/5a/87/a2/cve-2024-6173-en-US-458042.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2RQ5-QMGJ-689W

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2023-12-12 21:31
VLAI
Details

Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-11T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.",
  "id": "GHSA-2rq5-qmgj-689w",
  "modified": "2023-12-12T21:31:06Z",
  "published": "2022-05-24T17:28:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16220"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
    },
    {
      "type": "WEB",
      "url": "https://www.philips.com/productsecurity"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34F4-M9RH-9X9J

Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-12 18:31
VLAI
Details

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).

This issue can occur in two scenarios:

  1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)

  2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1.

The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

This issue affects Junos OS:

  • All versions before 21.2R3-S4,
  • 21.4 versions before 21.4R2,
  • 22.2 versions before 22.2R3-S2; 

Junos OS Evolved:

  • All versions before 21.2R3-S8-EVO,
  • 21.4 versions before 21.4R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).\n\nThis issue can occur in two scenarios:\n\n1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)\n\n2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted.\u00a0Please note that the CVSS score is for the formally more severe issue 1.\n\nThe CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n\n\n\nThis issue affects Junos OS:\n\n\n\n  *  All versions before\u00a021.2R3-S4,\n  *  21.4 versions before 21.4R2,\n  *  22.2 versions before 22.2R3-S2;\u00a0\n\n\n\n\nJunos OS Evolved:\n\n\n\n\n  *  All versions before\u00a021.2R3-S8-EVO,\n  *  21.4 versions before 21.4R2-EVO.",
  "id": "GHSA-34f4-m9rh-9x9j",
  "modified": "2024-07-12T18:31:48Z",
  "published": "2024-07-11T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39542"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA83002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-355P-VP22-PP2V

Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30
VLAI
Details

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.

NAT IP usage can be monitored by running the following command.

user@srx> show security nat resource-usage source-pool

Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects:

Juniper Networks Junos OS on MX Series and SRX Series

  • All versions earlier than 21.2R3-S6;
  • 21.3 versions earlier than 21.3R3-S5;
  • 21.4 versions earlier than 21.4R3-S5;
  • 22.1 versions earlier than 22.1R3-S4;
  • 22.2 versions earlier than 22.2R3-S3;
  • 22.3 versions earlier than 22.3R3-S1;
  • 22.4 versions earlier than 22.4R2-S2, 22.4R3;
  • 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T01:15:50Z",
    "severity": "HIGH"
  },
  "details": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx\u003e show security nat resource-usage source-pool \u003csource_pool_name\u003e\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% \u003c\u003c\u003c\u003c\u003c\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n  *  All versions earlier than 21.2R3-S6;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S5;\n  *  22.1 versions earlier than 22.1R3-S4;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S1;\n  *  22.4 versions earlier than 22.4R2-S2, 22.4R3;\n  *  23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n",
  "id": "GHSA-355p-vp22-pp2v",
  "modified": "2024-01-12T03:30:49Z",
  "published": "2024-01-12T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21616"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75757"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35M6-RF3V-8CXX

Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2024-09-20 15:30
VLAI
Details

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.

Network traffic may not be analyzed until the IDS module is restarted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.\n\nNetwork traffic may not be analyzed until the IDS module is restarted.\n\n",
  "id": "GHSA-35m6-rf3v-8cxx",
  "modified": "2024-09-20T15:30:36Z",
  "published": "2024-04-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0218"
    },
    {
      "type": "WEB",
      "url": "https://security.nozominetworks.com/NN-2024:1-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3855-FJJH-9XH2

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users.

This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T16:16:16Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. \n\n This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.",
  "id": "GHSA-3855-fjjh-9xh2",
  "modified": "2026-03-25T18:31:47Z",
  "published": "2026-03-25T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20114"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-lobby-privesc-KwxBqJy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-38GM-M6WW-X846

Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30
VLAI
Details

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.

This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.

This issue affects:

Juniper Networks Junos OS

  • 21.4R3 versions earlier than 21.4R3-S4;
  • 22.1R3 versions earlier than 22.1R3-S3;
  • 22.2R2 versions earlier than 22.2R3-S1;
  • 22.3 versions earlier than 22.3R2-S2, 22.3R3;
  • 22.4 versions earlier than 22.4R2;
  • 23.1 versions earlier than 23.1R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T01:15:47Z",
    "severity": "HIGH"
  },
  "details": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  21.4R3 versions earlier than 21.4R3-S4;\n  *  22.1R3 versions earlier than 22.1R3-S3;\n  *  22.2R2 versions earlier than 22.2R3-S1;\n  *  22.3 versions earlier than 22.3R2-S2, 22.3R3;\n  *  22.4 versions earlier than 22.4R2;\n  *  23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n",
  "id": "GHSA-38gm-m6ww-x846",
  "modified": "2024-01-12T03:30:48Z",
  "published": "2024-01-12T03:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21595"
    },
    {
      "type": "WEB",
      "url": "https://advisory.juniper.net/JSA75734"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection

This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.

CAPEC-676: NoSQL Injection

An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.