βΌ CVE-2023-27314 βΌ
π Read
via "National Vulnerability Database".
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37637 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-38817. Reason: This record is a reservation duplicate of CVE-2023-38817. Notes: All CVE users should reference CVE-2023-38817 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23632 βΌ
π Read
via "National Vulnerability Database".
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45510 βΌ
π Read
via "National Vulnerability Database".
tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5562 βΌ
π Read
via "National Vulnerability Database".
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently.KNIME Analytics Platform already has configuration options with which sanitization of data can be actived, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks.KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45511 βΌ
π Read
via "National Vulnerability Database".
A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.π Read
via "National Vulnerability Database".
π΄ Making the Case for Cryptographic Agility and Orchestration π΄
π Read
via "Dark Reading".
Finding the right post-quantum cryptographic (PQC) algorithms is necessary, but not sufficient, to future-proof cybersecurity.π Read
via "Dark Reading".
Dark Reading
Making the Case for Cryptographic Agility and Orchestration
Finding the right post-quantum cryptographic (PQC) algorithms is necessary, but not sufficient, to future-proof cybersecurity.
βΌ CVE-2023-36839 βΌ
π Read
via "National Vulnerability Database".
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.This issue affects:Juniper Networks Junos OS * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2;Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 version 21.1R1-EVO and later versions; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S3-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R1-S1-EVO;π Read
via "National Vulnerability Database".
βΌ CVE-2023-22392 βΌ
π Read
via "National Vulnerability Database".
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc".The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hwexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardwareexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.expr_dfw_base_hw_create:114 Failed to add h/w data.expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failureexpr_dfw_bp_topo_handler:1102 Failed to program fnum.expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.This issue affects Juniper Networks Junos OS:on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2.on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41261 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36843 βΌ
π Read
via "National Vulnerability Database".
An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS).Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device.This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via Γ’β¬Λsecurity-metadata-streaming policyΓ’β¬β’).This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3;π Read
via "National Vulnerability Database".
βΌ CVE-2023-41263 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44175 βΌ
π Read
via "National Vulnerability Database".
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.Note: This issue is not noticed when all the devices in the network are Juniper devices.This issue affects Juniper Networks:Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3.Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41262 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36841 βΌ
π Read
via "National Vulnerability Database".
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.This issue affects interfaces with PPPoE configured and tcp-mss enabled.This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2;π Read
via "National Vulnerability Database".
βΌ CVE-2023-27316 βΌ
π Read
via "National Vulnerability Database".
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.π Read
via "National Vulnerability Database".
π¦Ώ Windscribe VPN Review (2023): Is It a Reliable VPN for You? π¦Ώ
π Read
via "Tech Republic".
We evaluate the features, performance, security, and pricing of Windscribe VPN to help you determine if it's a reliable VPN service for your needs.π Read
via "Tech Republic".
TechRepublic
Windscribe VPN Review (2025): Features, Pricing, and Security
We evaluate the features, performance, security, and pricing of Windscribe VPN to help you determine if it's a reliable VPN service for your needs.
βΌ CVE-2023-38249 βΌ
π Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26366 βΌ
π Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38250 βΌ
π Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38219 βΌ
π Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimΓ’β¬β’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.π Read
via "National Vulnerability Database".