Vulnerabilities

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> The process &amp;#39;aftman-bt&amp;#39; will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.<br /> <br /> An indication that the system experienced this issue is the following log message:<br /> <br />   evo-aftmand-bt[]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes<br /> <br /> <br /> <br /> <br /> This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:<br /> 21.2 version 21.2R1-EVO and later versions;<br /> 21.3 version 21.3R1-EVO and later versions;<br /> 21.4 versions prior to 21.4R3-S3-EVO;<br /> 22.1 version 22.1R1-EVO and later versions;<br /> 22.2 versions prior to 22.2R3-S2-EVO;<br /> 22.3 versions prior to 22.3R3-EVO;<br /> 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.<br /> <br /> <br /> <br />

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).<br /> <br /> If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS.<br /> <br /> This issue affects Juniper Networks Junos OS on SRX Series:<br /> All versions prior to 20.2R3-S7;<br /> 20.3 version 20.3R1 and later versions;<br /> 20.4 versions prior to 20.4R3-S6;<br /> 21.1 versions prior to 21.1R3-S5;<br /> 21.2 versions prior to 21.2R3-S4;<br /> 21.3 versions prior to 21.3R3-S4;<br /> 21.4 versions prior to 21.4R3-S3;<br /> 22.1 versions prior to 22.1R3-S1;<br /> 22.2 versions prior to 22.2R3;<br /> 22.3 versions prior to 22.3R2;<br /> 22.4 versions prior to 22.4R1-S1, 22.4R2.<br />

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.<br /> <br />

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.<br /> <br /> This issue affects Juniper Networks Junos OS on MX Series:<br /> All versions prior to 19.1R3-S10;<br /> 19.2 versions prior to 19.2R3-S7;<br /> 19.3 versions prior to 19.3R3-S8;<br /> 19.4 versions prior to 19.4R3-S12;<br /> 20.2 versions prior to 20.2R3-S8;<br /> 20.4 versions prior to 20.4R3-S7;<br /> 21.1 versions prior to 21.1R3-S5;<br /> 21.2 versions prior to 21.2R3-S5;<br /> 21.3 versions prior to 21.3R3-S4;<br /> 21.4 versions prior to 21.4R3-S3;<br /> 22.1 versions prior to 22.1R3-S2;<br /> 22.2 versions prior to 22.2R3;<br /> 22.3 versions prior to 22.3R2-S1, 22.3R3;<br /> 22.4 versions prior to 22.4R1-S2, 22.4R2.<br />

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.<br /> <br /> The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.<br /> <br /> This issue affects Juniper Networks Junos OS on SRX Series:<br /> 22.2 versions prior to 22.2R3;<br /> 22.3 versions prior to 22.3R2-S1, 22.3R3;<br /> 22.4 versions prior to 22.4R1-S2, 22.4R2.<br /> <br /> This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.<br />

The "nickname" field within Savoir-faire Linux&amp;#39;s Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application. 

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux&amp;#39;s Jami (version 20222284) on Windows. <br /> <br /> This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.<br /> <br />

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.

Issue summary: The AES-SIV cipher implementation contains a bug that causes<br /> it to ignore empty associated data entries which are unauthenticated as<br /> a consequence.<br /> <br /> Impact summary: Applications that use the AES-SIV algorithm and want to<br /> authenticate empty data entries as associated data can be misled by removing,<br /> adding or reordering such empty entries as these are ignored by the OpenSSL<br /> implementation. We are currently unaware of any such applications.<br /> <br /> The AES-SIV algorithm allows for authentication of multiple associated<br /> data entries along with the encryption. To authenticate empty data the<br /> application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with<br /> NULL pointer as the output buffer and 0 as the input buffer length.<br /> The AES-SIV implementation in OpenSSL just returns success for such a call<br /> instead of performing the associated data authentication operation.<br /> The empty data thus will not be authenticated.<br /> <br /> As this issue does not affect non-empty associated data authentication and<br /> we expect it to be rare for an application to use empty associated data<br /> entries this is qualified as Low severity issue.

Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file