Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

685 vulnerabilities reference this CWE, most recent first.

GHSA-RCM3-8WQ2-RCC2

Vulnerability from github – Published: 2024-06-06 18:30 – Updated: 2024-06-06 18:30
VLAI
Details

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the /request-token, /workspace/:slug/thread/:threadSlug/update, /system/remove-logo, /system/logo, and collector's /process endpoints. These issues are due to the application's failure to properly validate user input before passing it to prisma functions and other critical operations. Affected versions include the latest version prior to 1.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-06T18:15:17Z",
    "severity": "HIGH"
  },
  "details": "mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector\u0027s `/process` endpoints. These issues are due to the application\u0027s failure to properly validate user input before passing it to `prisma` functions and other critical operations. Affected versions include the latest version prior to 1.0.0.",
  "id": "GHSA-rcm3-8wq2-rcc2",
  "modified": "2024-06-06T18:30:57Z",
  "published": "2024-06-06T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3152"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/46034fa0-d623-49f8-8ee8-390390181373"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCW6-69H3-89FH

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2025-10-22 00:31
VLAI
Details

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-755",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-29T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.",
  "id": "GHSA-rcw6-69h3-89fh",
  "modified": "2025-10-22T00:31:50Z",
  "published": "2022-05-24T17:07:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Jan/51"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4268-1"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4611"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/390745"
    },
    {
      "type": "WEB",
      "url": "https://www.openbsd.org/security.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Jan/49"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/01/28/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJ77-CP45-4Q8H

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-2020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-09T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software\u0027s internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.",
  "id": "GHSA-rj77-cp45-4q8h",
  "modified": "2022-05-24T17:35:31Z",
  "published": "2022-05-24T17:35:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2020"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2020-2020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RJ7R-7XGG-2MRC

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2023-12-31 21:30
VLAI
Details

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-rj7r-7xgg-2mrc",
  "modified": "2023-12-31T21:30:22Z",
  "published": "2022-05-24T17:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16895"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16895"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJJW-VJJ8-Q96X

Vulnerability from github – Published: 2024-02-21 15:30 – Updated: 2024-06-03 18:55
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: tls: handle backlogging of crypto requests

Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0.

Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T15:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical.",
  "id": "GHSA-rjjw-vjj8-q96x",
  "modified": "2024-06-03T18:55:49Z",
  "published": "2024-02-21T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26584"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RQ2F-RGC6-GFH9

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI
Details

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-06T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.",
  "id": "GHSA-rq2f-rgc6-gfh9",
  "modified": "2022-05-13T01:19:03Z",
  "published": "2022-05-13T01:19:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1269"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/blog/cve-2018-1269"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RQG9-G4FR-3CFJ

Vulnerability from github – Published: 2022-03-25 00:00 – Updated: 2022-03-25 00:00
VLAI
Details

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-24T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.",
  "id": "GHSA-rqg9-g4fr-3cfj",
  "modified": "2022-03-25T00:00:33Z",
  "published": "2022-03-25T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21820"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5328"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167396/NVIDIA-Data-Center-GPU-Manager-Remote-Memory-Corruption.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RQW4-WGG4-99M9

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 18:31
VLAI
Details

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-23T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.",
  "id": "GHSA-rqw4-wgg4-99m9",
  "modified": "2024-01-23T18:31:08Z",
  "published": "2022-05-24T17:34:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7926"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-50170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RVXM-FXRP-Q47C

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-10-22 12:00
VLAI
Details

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-08T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.",
  "id": "GHSA-rvxm-fxrp-q47c",
  "modified": "2022-10-22T12:00:29Z",
  "published": "2022-05-24T17:13:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1639"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RXQ5-5W2F-G92R

Vulnerability from github – Published: 2025-01-09 18:32 – Updated: 2025-01-09 18:32
VLAI
Details

An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system.

This issue affects Junos OS on SRX1500, SRX4100, SRX4200: 

  • All versions before 21.4R3-S9, 
  • from 22.2 before 22.2R3-S5, 
  • from 22.3 before 22.3R3-S4, 
  • from 22.4 before 22.4R3-S4, 
  • from 23.2 before 23.2R2-S3, 
  • from 23.4 before 23.4R2-S1.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T17:15:18Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the \u0027show chassis environment pem\u0027 command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system.\n\nThis issue affects Junos OS on SRX1500, SRX4100, SRX4200:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9,\u00a0\n  *  from 22.2 before 22.2R3-S5,\u00a0\n  *  from 22.3 before 22.3R3-S4,\u00a0\n  *  from 22.4 before 22.4R3-S4,\u00a0\n  *  from 23.2 before 23.2R2-S3,\u00a0\n  *  from 23.4 before 23.4R2-S1.",
  "id": "GHSA-rxq5-5w2f-g92r",
  "modified": "2025-01-09T18:32:15Z",
  "published": "2025-01-09T18:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21596"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA92864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.