CWE-480
AllowedUse of Incorrect Operator
Abstraction: Base · Status: Draft
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
11 vulnerabilities reference this CWE, most recent first.
CVE-2026-48497 (GCVE-0-2026-48497)
Vulnerability from cvelistv5 – Published: 2026-06-26 17:32 – Updated: 2026-06-26 18:32- CWE-480 - Use of Incorrect Operator
| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
>= 1.38.0, < 1.38.1
Affected: >= 1.37.0, < 1.37.3 Affected: >= 1.36.0, < 1.36.7 Affected: < 1.35.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:32:39.500724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:32:51.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.38.0, \u003c 1.38.1"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.3"
},
{
"status": "affected",
"version": "\u003e= 1.36.0, \u003c 1.36.7"
},
{
"status": "affected",
"version": "\u003c 1.35.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long can complete successfully, a query with such name will result in abnormal process termination. The abnormal process termination is triggered by an invalid runtime precondition that the query name is strictly less than 255 octets, contradicting DNS specification rfc1035#section-2.3.4 that the name can be 255 or less octets. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480: Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:32:58.310Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j6g2-wf95-q66q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j6g2-wf95-q66q"
}
],
"source": {
"advisory": "GHSA-j6g2-wf95-q66q",
"discovery": "UNKNOWN"
},
"title": "Envoy: Abnormal process termination in DNS UDP filter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48497",
"datePublished": "2026-06-26T17:32:58.310Z",
"dateReserved": "2026-05-21T15:33:08.292Z",
"dateUpdated": "2026-06-26T18:32:51.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15043 (GCVE-0-2026-15043)
Vulnerability from cvelistv5 – Published: 2026-07-14 09:44 – Updated: 2026-07-14 15:32- CWE-480 - Use of Incorrect Operator
| Vendor | Product | Version | |
|---|---|---|---|
| HMBRAND | DBI::SQL::Nano |
Affected:
1.42 , < 1.651
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-14T11:30:25.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/07/14/9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-15043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T14:14:59.552000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T14:16:12.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "DBI",
"product": "DBI::SQL::Nano",
"programFiles": [
"lib/DBI/SQL/Nano.pm"
],
"programRoutines": [
{
"name": "DBI::SQL::Nano::is_matched"
}
],
"repo": "https://github.com/perl5-dbi/dbi",
"vendor": "HMBRAND",
"versions": [
{
"lessThan": "1.651",
"status": "affected",
"version": "1.42",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted \u003c= and \u003e= SQL operators on text.\n\nDBI::SQL::Nano, DBI\u0027s built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the is_matched method, \u003c= was evaluated using Perl\u0027s ge operator, and \u003e= was evaluated using Perl\u0027s le operator.\n\nSQL::Nano is the fallback query engine for DBI\u0027s file-backed drivers (DBD::File, DBD::DBM, CSV-style drivers) whenever SQL::Statement is not installed, and is forced whenever DBI_SQL_NANO=1. Queries over such tables use these predicates directly.\n\nThe impact depends on the context. Where an application relies on a WHERE clause to filter file-backed data for policy or authorization, an inverted \u003c=/\u003e= comparison silently returns the wrong rows."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480 Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:32:33.329Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-mv45-ff6j-x9jp"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/HMBRAND/DBI-1.651/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/perl5-dbi/dbi/commit/e9742ef85a75867cbd696860e3bf3e32b681f98d.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to DBI 1.651 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2004-03-12T00:00:00.000Z",
"value": "Version 1.42 released with DBI::SQL::Nano."
},
{
"lang": "en",
"time": "2026-07-10T00:00:00.000Z",
"value": "Patch that fixes DBI::SQL::Nano merged."
},
{
"lang": "en",
"time": "2026-07-14T00:00:00.000Z",
"value": "Version 1.651 released."
}
],
"title": "DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted \u003c= and \u003e= SQL operators on text",
"workarounds": [
{
"lang": "en",
"value": "For deployments that cannot upgrade, apply the patch or install SQL::Statement."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-15043",
"datePublished": "2026-07-14T09:44:25.733Z",
"dateReserved": "2026-07-08T11:48:00.718Z",
"dateUpdated": "2026-07-14T15:32:33.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4748 (GCVE-0-2026-4748)
Vulnerability from cvelistv5 – Published: 2026-04-01 06:18 – Updated: 2026-04-01 14:56| URL | Tags |
|---|---|
| https://security.freebsd.org/advisories/FreeBSD-S… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:55:44.105033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:56:02.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"pf"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p5",
"status": "affected",
"version": "15.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p1",
"status": "affected",
"version": "14.4-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Gmelin"
}
],
"datePublic": "2026-03-26T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.\n\nSome keywords representing actions taken on a packet-matching rule, such as \u0027log\u0027, \u0027return tll\u0027, or \u0027dnpipe\u0027, may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.\n\nAffected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480: Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-1023",
"description": "CWE-1023: Incomplete Comparison with Missing Factors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T06:18:52.097Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc"
}
],
"title": "pf silently ignores certain rules",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2026-4748",
"datePublished": "2026-04-01T06:18:52.097Z",
"dateReserved": "2026-03-24T04:14:17.566Z",
"dateUpdated": "2026-04-01T14:56:02.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52985 (GCVE-0-2025-52985)
Vulnerability from cvelistv5 – Published: 2025-07-11 15:09 – Updated: 2025-07-18 07:16- CWE-480 - Use of Incorrect Operator
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA100091 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
23.2R2-S3-EVO , < 23.2R2-S4-EVO
(semver)
Affected: 23.4R2-S3-EVO , < 23.4R2-S5-EVO (semver) Affected: 24.2R2-EVO , < 24.2R2-S1-EVO (semver) Affected: 24.4-EVO , < 24.4R1-S3-EVO, 24.4R2-EVO (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:04:44.130312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:55:16.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S4-EVO",
"status": "affected",
"version": "23.2R2-S3-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S5-EVO",
"status": "affected",
"version": "23.4R2-S3-EVO",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S1-EVO",
"status": "affected",
"version": "24.2R2-EVO",
"versionType": "semver"
},
{
"lessThan": "24.4R1-S3-EVO, 24.4R2-EVO",
"status": "affected",
"version": "24.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A system will only be affected by this vulnerability if like in the following example a\n\nfirewall filter applied to the lo0 or re:mgmt interface references a prefix list with the \u0027from prefix-list\u0027 clause, and that prefix list contains more than 10 entries:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ policy-options prefix-list \u0026lt;prefix-list name\u0026gt; \u0026lt;prefix1\u0026gt; ]\u003cbr\u003e...\u003cbr\u003e\n\n[ policy-options prefix-list \u0026lt;prefix-list name\u0026gt;\n\n\u0026lt;prefix11\u0026gt; ]\u003cbr\u003e...\u003cbr\u003e[ firewall family \u0026lt;inet/inet6\u0026gt; filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; from prefix-list \n\n\u0026lt;prefix-list name\u0026gt;\n\n ]\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ interfaces \u0026lt;lo0 unit \u0026lt;unit\u0026gt; / re:mgmt\u0026lt;0/1\u0026gt; unit \n\n\u0026lt;unit\u0026gt;\u0026gt; family \u0026lt;inet/inet6\u0026gt; filter \u0026lt;input/output\u0026gt; \n\n\u0026lt;filter name\u0026gt;\n\n ]\u003c/span\u003e\u003c/tt\u003e"
}
],
"value": "A system will only be affected by this vulnerability if like in the following example a\n\nfirewall filter applied to the lo0 or re:mgmt interface references a prefix list with the \u0027from prefix-list\u0027 clause, and that prefix list contains more than 10 entries:\n\n[ policy-options prefix-list \u003cprefix-list name\u003e \u003cprefix1\u003e ]\n...\n\n\n[ policy-options prefix-list \u003cprefix-list name\u003e\n\n\u003cprefix11\u003e ]\n...\n[ firewall family \u003cinet/inet6\u003e filter \u003cfilter name\u003e term \u003cterm name\u003e from prefix-list \n\n\u003cprefix-list name\u003e\n\n ]\n[ interfaces \u003clo0 unit \u003cunit\u003e / re:mgmt\u003c0/1\u003e unit \n\n\u003cunit\u003e\u003e family \u003cinet/inet6\u003e filter \u003cinput/output\u003e \n\n\u003cfilter name\u003e\n\n ]"
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use of Incorrect Operator\n\nvulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.\u003cbr\u003e\u003cbr\u003eWhen a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with \u0027from prefix-list\u0027, and that prefix list contains more than 10 entries, the prefix list doesn\u0027t match and packets destined to or from the local device are not filtered.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output.\u003c/span\u003e\u003cbr\u003eThis issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3-EVO versions before 23.2R2-S4-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.4R2-S3-EVO versions before 23.4R2-S5-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.2R2-EVO versions before 24.2R2-S1-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003eThis issue doesn\u0027t affect Junos OS Evolved versions before 23.2R1-EVO."
}
],
"value": "A Use of Incorrect Operator\n\nvulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.\n\nWhen a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with \u0027from prefix-list\u0027, and that prefix list contains more than 10 entries, the prefix list doesn\u0027t match and packets destined to or from the local device are not filtered.\n\n\nThis issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output.\nThis issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes.\nThis issue affects Junos OS Evolved:\n\n * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO,\n * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO,\n * 24.2R2-EVO versions before 24.2R2-S1-EVO,\n * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue doesn\u0027t affect Junos OS Evolved versions before 23.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480 Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T07:16:09.464Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100091"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA100091",
"defect": [
"1866334"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it\u0027s not matching",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A workaround for this issue is to refer to the prefix list either with\u0026nbsp;the \u0027source-prefix-list\u0027 or the \u0027destination-prefix-list\u0027 match condition (\u0027from\u0027)."
}
],
"value": "A workaround for this issue is to refer to the prefix list either with\u00a0the \u0027source-prefix-list\u0027 or the \u0027destination-prefix-list\u0027 match condition (\u0027from\u0027)."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52985",
"datePublished": "2025-07-11T15:09:58.361Z",
"dateReserved": "2025-06-23T18:23:44.546Z",
"dateUpdated": "2025-07-18T07:16:09.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35190 (GCVE-0-2024-35190)
Vulnerability from cvelistv5 – Published: 2024-05-17 16:55 – Updated: 2024-08-02 03:07| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/pull/600 | x_refsource_MISC |
| https://github.com/asterisk/asterisk/pull/602 | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/85241… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | asterisk |
Affected:
= 21.3.0
Affected: = 20.8.0 Affected: = 18.23.0 |
|
| asterisk | asterisk |
Affected:
21.3.0
cpe:2.3:a:asterisk:asterisk:21.3.0:*:*:*:*:*:*:* |
|
| asterisk | asterisk |
Affected:
20.8.0
cpe:2.3:a:asterisk:asterisk:20.8.0:*:*:*:*:*:*:* |
|
| asterisk | asterisk |
Affected:
18.23.0
cpe:2.3:a:asterisk:asterisk:18.23.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:21.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "21.3.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:20.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "20.8.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:18.23.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "18.23.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T19:33:53.154042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:28:38.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
},
{
"name": "https://github.com/asterisk/asterisk/pull/600",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/pull/600"
},
{
"name": "https://github.com/asterisk/asterisk/pull/602",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/pull/602"
},
{
"name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "= 21.3.0"
},
{
"status": "affected",
"version": "= 20.8.0"
},
{
"status": "affected",
"version": "= 18.23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480: Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T16:55:41.346Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"
},
{
"name": "https://github.com/asterisk/asterisk/pull/600",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/600"
},
{
"name": "https://github.com/asterisk/asterisk/pull/602",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/602"
},
{
"name": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
}
],
"source": {
"advisory": "GHSA-qqxj-v78h-hrf9",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027 res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35190",
"datePublished": "2024-05-17T16:55:41.346Z",
"dateReserved": "2024-05-10T14:24:24.341Z",
"dateUpdated": "2024-08-02T03:07:46.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1947 (GCVE-0-2022-1947)
Vulnerability from cvelistv5 – Published: 2022-05-31 22:20 – Updated: 2024-08-03 00:24- CWE-480 - Use of Incorrect Operator
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e3… | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/a9e38f2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| polonel | polonel/trudesk |
Affected:
unspecified , < 1.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480 Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:20:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
},
"title": "Use of Incorrect Operator in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1947",
"STATE": "PUBLIC",
"TITLE": "Use of Incorrect Operator in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-480 Use of Incorrect Operator"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"name": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
]
},
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1947",
"datePublished": "2022-05-31T22:20:11.000Z",
"dateReserved": "2022-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:42.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2V62-QXWF-QH42
Vulnerability from github – Published: 2026-04-01 09:31 – Updated: 2026-04-01 18:36A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.
Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.
Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.
{
"affected": [],
"aliases": [
"CVE-2026-4748"
],
"database_specific": {
"cwe_ids": [
"CWE-480"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T07:16:02Z",
"severity": "HIGH"
},
"details": "A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.\n\nSome keywords representing actions taken on a packet-matching rule, such as \u0027log\u0027, \u0027return tll\u0027, or \u0027dnpipe\u0027, may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.\n\nAffected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.",
"id": "GHSA-2v62-qxwf-qh42",
"modified": "2026-04-01T18:36:35Z",
"published": "2026-04-01T09:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4748"
},
{
"type": "WEB",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6CWP-88HV-X237
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-30 03:36In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
New test case fails unexpectedly when avx2 matching functions are used.
The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -f foo.
This works. Then, it reloads the set after a flush: (echo flush set t s; cat foo) | nft -f -
This is expected to work, because its the same set after all and it was already loaded once.
But with avx2, this fails: nft reports a clashing element.
The reported clash is of following form:
We successfully re-inserted
a . b
c . d
Then we try to insert a . d
avx2 finds the already existing a . d, which (due to 'flush set') is marked as invalid in the new generation. It skips the element and moves to next.
Due to incorrect masking, the skip-step finds the next matching element only considering the first field,
i.e. we return the already reinserted "a . b", even though the last field is different and the entry should not have been matched.
No such error is reported for the generic c implementation (no avx2) or when the last field has to use the 'nft_pipapo_avx2_lookup_slow' fallback.
Bisection points to 7711f4bb4b36 ("netfilter: nft_set_pipapo: fix range overlap detection") but that fix merely uncovers this bug.
Before this commit, the wrong element is returned, but erronously reported as a full, identical duplicate.
The root-cause is too early return in the avx2 match functions. When we process the last field, we should continue to process data until the entire input size has been consumed to make sure no stale bits remain in the map.
{
"affected": [],
"aliases": [
"CVE-2026-43114"
],
"database_specific": {
"cwe_ids": [
"CWE-480"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T10:16:25Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo_avx2: don\u0027t return non-matching entry on expiry\n\nNew test case fails unexpectedly when avx2 matching functions are used.\n\nThe test first loads a ranomly generated pipapo set\nwith \u0027ipv4 . port\u0027 key, i.e. nft -f foo.\n\nThis works. Then, it reloads the set after a flush:\n(echo flush set t s; cat foo) | nft -f -\n\nThis is expected to work, because its the same set after all and it was\nalready loaded once.\n\nBut with avx2, this fails: nft reports a clashing element.\n\nThe reported clash is of following form:\n\n We successfully re-inserted\n a . b\n c . d\n\nThen we try to insert a . d\n\navx2 finds the already existing a . d, which (due to \u0027flush set\u0027) is marked\nas invalid in the new generation. It skips the element and moves to next.\n\nDue to incorrect masking, the skip-step finds the next matching\nelement *only considering the first field*,\n\ni.e. we return the already reinserted \"a . b\", even though the\nlast field is different and the entry should not have been matched.\n\nNo such error is reported for the generic c implementation (no avx2) or when\nthe last field has to use the \u0027nft_pipapo_avx2_lookup_slow\u0027 fallback.\n\nBisection points to\n7711f4bb4b36 (\"netfilter: nft_set_pipapo: fix range overlap detection\")\nbut that fix merely uncovers this bug.\n\nBefore this commit, the wrong element is returned, but erronously\nreported as a full, identical duplicate.\n\nThe root-cause is too early return in the avx2 match functions.\nWhen we process the last field, we should continue to process data\nuntil the entire input size has been consumed to make sure no stale\nbits remain in the map.",
"id": "GHSA-6cwp-88hv-x237",
"modified": "2026-06-30T03:36:32Z",
"published": "2026-05-06T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43114"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-43114"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466994"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07de44424bb7f17ef9357e8535df96d9e97c40cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0abbc43f71d99baadeeba6fa3fe1c80b676f57ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c43f0dd8691ddf8884793b481ddc7511cf593c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d53f9aafd469ae1ea27051e00f5b96ca1b55d52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7babe2f28b507e17f28e9f753b7caec72d4857f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3c0037ffe1273fa1961e779ff6906234d6cf53c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8c39983fc9c1a978c82e6f2df7bfba8a8561587"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa4f1f52528c73989d820f32bfca06bec5afeece"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43114.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-C7MR-H37W-H53J
Vulnerability from github – Published: 2025-07-11 18:30 – Updated: 2025-07-11 18:30A Use of Incorrect Operator
vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.
When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered.
This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved:
- 23.2R2-S3-EVO versions before 23.2R2-S4-EVO,
- 23.4R2-S3-EVO versions before 23.4R2-S5-EVO,
- 24.2R2-EVO versions before 24.2R2-S1-EVO,
- 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.
This issue doesn't not affect Junos OS Evolved versions before 23.2R1-EVO.
{
"affected": [],
"aliases": [
"CVE-2025-52985"
],
"database_specific": {
"cwe_ids": [
"CWE-480"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-11T16:15:25Z",
"severity": "MODERATE"
},
"details": "A Use of Incorrect Operator\n\nvulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.\n\nWhen a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with \u0027from prefix-list\u0027, and that prefix list contains more than 10 entries, the prefix list doesn\u0027t match and packets destined to or from the local device are not filtered.\n\n\nThis issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output.\nThis issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes.\nThis issue affects Junos OS Evolved:\n\n * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO,\n * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO,\n * 24.2R2-EVO versions before 24.2R2-S1-EVO,\n * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue doesn\u0027t not affect Junos OS Evolved versions before 23.2R1-EVO.",
"id": "GHSA-c7mr-h37w-h53j",
"modified": "2025-07-11T18:30:33Z",
"published": "2025-07-11T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52985"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA100091"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CMC7-MFMR-XQRX
Vulnerability from github – Published: 2021-04-07 21:01 – Updated: 2024-10-21 21:02before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "proxy.py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3116"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-480",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-06T21:58:49Z",
"nvd_published_at": "2021-01-11T05:15:00Z",
"severity": "HIGH"
},
"details": "before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).",
"id": "GHSA-cmc7-mfmr-xqrx",
"modified": "2024-10-21T21:02:47Z",
"published": "2021-04-07T21:01:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3116"
},
{
"type": "WEB",
"url": "https://github.com/abhinavsingh/proxy.py/pull/482"
},
{
"type": "WEB",
"url": "https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46"
},
{
"type": "WEB",
"url": "https://github.com/abhinavsingh/proxy.py/commit/bff171ec26d826ae1d22d2466eaf9d8bdbf059d3"
},
{
"type": "WEB",
"url": "https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication"
},
{
"type": "PACKAGE",
"url": "https://github.com/abhinavsingh/proxy.py"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cmc7-mfmr-xqrx"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/proxy-py/PYSEC-2021-46.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/proxy.py/2.3.1/#history"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Logic error in authentication in proxy.py"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.