SB2026050646 - Multiple vulnerabilities in Juniper Secure Analytics
Published: May 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-68800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.
2) Improper locking (CVE-ID: CVE-2026-23097)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the unmap_and_move_huge_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
4) Use-after-free (CVE-ID: CVE-2026-23001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macvlan_hash_lookup_source(), macvlan_hash_add_source(), macvlan_hash_add(), macvlan_flush_sources(), macvlan_forward_source() and macvlan_fill_info_macaddr() functions in drivers/net/macvlan.c. A local user can escalate privileges on the system.
5) Resource management error (CVE-ID: CVE-2025-71085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
6) Out-of-bounds write (CVE-ID: CVE-2025-69419)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error within the PKCS12_get_friendlyname() function when parsing PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point. A remote attacker can pass a specially crafted PKCS#12 file to the application, trigger an out-of-bounds write and perform a denial of service attack.
7) Use-after-free (CVE-ID: CVE-2025-40064)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_pnet_find_ism_by_pnetid() function in net/smc/smc_pnet.c. A local user can escalate privileges on the system.
8) Heap-based buffer overflow (CVE-ID: CVE-2025-11083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the elf_swap_shdr() function in bfd/elfcode.h. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
9) Use-after-free (CVE-ID: CVE-2025-38248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
10) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
11) Integer overflow (CVE-ID: CVE-2025-12818)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in multiple PostgreSQL libpq client library functions. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Out-of-bounds read (CVE-ID: CVE-2025-9086)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when reading cookie path. A malicious server can set a specially crafted cookie path using the secure keyword, trigger an out-of-bounds read error and crash the application.
13) Out-of-bounds read (CVE-ID: CVE-2025-66293)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the png_image_read_composite() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
14) Heap-based buffer overflow (CVE-ID: CVE-2025-65018)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the png_image_finish_read() function when processing 16-bit interlaced PNGs with 8-bit output format. A remote attacker can pass a specially crafted image file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Out-of-bounds read (CVE-ID: CVE-2025-64720)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the png_image_read_composite() function when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. A remote attacker can pass a specially crafted image file to the application, trigger an out-of-bounds read error and read contents of memory on the system.
16) Input validation error (CVE-ID: CVE-2025-39971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
17) Improper locking (CVE-ID: CVE-2025-39697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.