‼ CVE-2023-36831 ‼
📖 Read
via "National Vulnerability Database".
An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.This issue affects Juniper Networks Junos OS on SRX Series:22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2-S1, 22.3R3;22.4 versions prior to 22.4R1-S2, 22.4R2.This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep143: Supercookie surveillance shenanigans ⚠
📖 Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)📖 Read
via "Naked Security".
Naked Security
S3 Ep143: Supercookie surveillance shenanigans
Latest episode – listen now! (Full transcript inside.)
❤2
🕴 Zimbra Zero-Day Demands Urgent Manual Update 🕴
📖 Read
via "Dark Reading".
A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.📖 Read
via "Dark Reading".
Dark Reading
Zimbra Zero-Day Demands Urgent Manual Update
A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.
🕴 Rogue Azure AD Guests Can Steal Data via Power Apps 🕴
📖 Read
via "Dark Reading".
A few default guest setting manipulations in Azure AD and over-promiscuous low-code app developer connections can upend data protections.📖 Read
via "Dark Reading".
Dark Reading
Rogue Azure AD Guests Can Steal Data via Power Apps
A few default guest setting manipulations in Azure AD and over-promiscuous low-code app developer connections can upend data protections.
‼ CVE-2023-28985 ‼
📖 Read
via "National Vulnerability Database".
An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition.On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core.This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598.In order to identify the current SigPack version, following command can be used:user@junos# show security idp security-package-version📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36838 ‼
📖 Read
via "National Vulnerability Database".
An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS.This issue affects Juniper Networks Junos OS on SRX Series:All versions prior to 20.2R3-S7;20.3 version 20.3R1 and later versions;20.4 versions prior to 20.4R3-S6;21.1 versions prior to 21.1R3-S5;21.2 versions prior to 21.2R3-S4;21.3 versions prior to 21.3R3-S4;21.4 versions prior to 21.4R3-S3;22.1 versions prior to 22.1R3-S1;22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2;22.4 versions prior to 22.4R1-S1, 22.4R2.📖 Read
via "National Vulnerability Database".
🦿 White House Launches Cybersecurity Implementation Plan 🦿
📖 Read
via "Tech Republic".
The White House has announced the first iteration of the National Cybersecurity Implementation Plan. Read on to learn more about the plan and alignment with the five essential pillars.📖 Read
via "Tech Republic".
TechRepublic
White House Launches Cybersecurity Implementation Plan
The White House has announced the first iteration of the National Cybersecurity Implementation Plan. Read on to learn more about the plan and alignment with the five essential pillars.
‼ CVE-2023-35692 ‼
📖 Read
via "National Vulnerability Database".
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36832 ‼
📖 Read
via "National Vulnerability Database".
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.This issue affects Juniper Networks Junos OS on MX Series:All versions prior to 19.1R3-S10;19.2 versions prior to 19.2R3-S7;19.3 versions prior to 19.3R3-S8;19.4 versions prior to 19.4R3-S12;20.2 versions prior to 20.2R3-S8;20.4 versions prior to 20.4R3-S7;21.1 versions prior to 21.1R3-S5;21.2 versions prior to 21.2R3-S5;21.3 versions prior to 21.3R3-S4;21.4 versions prior to 21.4R3-S3;22.1 versions prior to 22.1R3-S2;22.2 versions prior to 22.2R3;22.3 versions prior to 22.3R2-S1, 22.3R3;22.4 versions prior to 22.4R1-S2, 22.4R2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36833 ‼
📖 Read
via "National Vulnerability Database".
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.An indication that the system experienced this issue is the following log message:Â <date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast RoutesThis issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:21.2 version 21.2R1-EVO and later versions;21.3 version 21.3R1-EVO and later versions;21.4 versions prior to 21.4R3-S3-EVO;22.1 version 22.1R1-EVO and later versions;22.2 versions prior to 22.2R3-S2-EVO;22.3 versions prior to 22.3R3-EVO;22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.📖 Read
via "National Vulnerability Database".
🕴 Healthcare Innovation: A Safe and Secure Approach 🕴
📖 Read
via "Dark Reading".
Six focus areas to address the top security challenges facing healthcare organizations today.📖 Read
via "Dark Reading".
Dark Reading
Healthcare Innovation: A Safe and Secure Approach
Six focus areas to address the top security challenges facing healthcare organizations today.
❤1
‼ CVE-2023-32761 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36849 ‼
📖 Read
via "National Vulnerability Database".
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.This issue affects:Juniper Networks Junos OS21.4 versions prior to 21.4R3-S3;22.1 versions prior to 22.1R3-S3;22.2 versions prior to 22.2R2-S1, 22.2R3;22.3 versions prior to 22.3R2.Juniper Networks Junos OS Evolved21.4-EVO versions prior to 21.4R3-S2-EVO;22.1-EVO versions prior to 22.1R3-S3-EVO;22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;22.3-EVO versions prior to 22.3R2-EVO.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38252 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36883 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge for iOS Spoofing Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36887 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38253 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36848 ‼
📖 Read
via "National Vulnerability Database".
An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.This issue affects Juniper Networks Junos OS:versions prior to 19.1R3-S10 on MX Series;19.2 versions prior to 19.2R3-S7 on MX Series;19.3 versions prior to 19.3R3-S8 on MX Series;19.4 versions prior to 19.4R3-S12 on MX Series;20.1 version 20.1R1 and later versions on MX Series;20.2 versions prior to 20.2R3-S8 on MX Series;20.3 version 20.3R1 and later versions on MX Series;20.4 versions prior to 20.4R3-S7 on MX Series;21.1 versions prior to 21.1R3-S5 on MX Series;21.2 versions prior to 21.2R3-S5 on MX Series;21.3 versions prior to 21.3R3-S4 on MX Series;21.4 versions prior to 21.4R3-S4 on MX Series;22.1 versions prior to 22.1R3-S3 on MX Series;22.2 versions prior to 22.2R3-S1 on MX Series;22.3 versions prior to 22.3R3 on MX Series;22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36850 ‼
📖 Read
via "National Vulnerability Database".
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service(DoS).Upon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured.This issue affects:Juniper Networks Junos OSAll versions prior to 19.1R3-S10 on MX Series;19.2 versions prior to 19.2R3-S7 on MX Series;19.3 versions prior to 19.3R3-S8 on MX Series;19.4 versions prior to 19.4R3-S12 on MX Series;20.1 version 20.1R1 and later versions on MX Series;20.2 versions prior to 20.2R3-S7 on MX Series;20.3 version 20.3R1 and later versions on MX Series;20.4 versions prior to 20.4R3-S7 on MX Series;21.1 versions prior to 21.1R3-S5 on MX Series;21.2 versions prior to 21.2R3-S4 on MX Series;21.3 versions prior to 21.3R3-S4 on MX Series;21.4 versions prior to 21.4R3-S3 on MX Series;22.1 versions prior to 22.1R3-S2 on MX Series;22.2 versions prior to 22.2R3 on MX Series;22.3 versions prior to 22.3R2, 22.3R3 on MX Series;22.4 versions prior to 22.4R2 on MX Series.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32759 ‼
📖 Read
via "National Vulnerability Database".
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37223 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.📖 Read
via "National Vulnerability Database".