Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-2632

Publication date:
09/04/2025
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
Severity CVSS v4.0: HIGH
Last modification:
18/08/2025

CVE-2025-30646

Publication date:
09/04/2025
A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.

This issue affects:

Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;

Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2025-30645

Publication date:
09/04/2025
A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.

On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.

This issue affects Junos OS on SRX Series:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2025-30644

Publication date:
09/04/2025
A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.

This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2025-21601

Publication date:
09/04/2025
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC)) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive.

Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition.

This issue affects Junos OS:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S1, 24.2R2.

An indicator of compromise is to review the CPU % of the httpd process in the CLI, e.g.:

    show system processes extensive | match httpd
    PID nobody       52   0   20M    191M select   2   0:01   80.00% httpd{httpd}
Severity CVSS v4.0: HIGH
Last modification:
11/08/2025

CVE-2025-26888

Publication date:
09/04/2025
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2025-26901

Publication date:
09/04/2025
Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy Pro: from n/a through 2.6.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2025

CVE-2025-26902

Publication date:
09/04/2025
Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery. This issue affects Brizy Pro: from n/a through 2.6.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2025

CVE-2025-21597

Publication date:
09/04/2025
An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.

This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.

This issue affects:

Junos OS:
* All versions before 20.4R3-S8,
* 21.2 versions before 21.2R3-S6,
* 21.3 versions before 21.3R3-S5,
* 21.4 versions before 21.4R3-S4,
* 22.1 versions before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.

Junos OS Evolved:
* All versions before 21.2R3-S6-EVO,
* 21.3-EVO versions before 21.3R3-S5-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.1-EVO versions before 22.1R3-S3-EVO,
* 22.2-EVO versions before 22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
Severity CVSS v4.0: MEDIUM
Last modification:
26/01/2026

CVE-2025-21595

Publication date:
09/04/2025
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.

This issue does not affect MX Series platforms.

Heap size growth on FPC can be seen using the command below.

    user@host> show chassis fpc
                         Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
    Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
      0  Online            45      3          0         2      2       2  32768       19          0
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2025-21594

Publication date:
09/04/2025
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).

In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed. Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.

Following is the command to identify the issue:

    user@host> show services nat source port-block
    Host_IP                     External_IP                   Port_Block      Ports_Used/       Block_State/
                                                              Range           Ports_Total       Left_Time(s)
    2001::                        x.x.x.x                     58880-59391     256/256*1         Active/-       >>>>>>>>port still used

This issue affects Junos OS on MX Series:
* from 21.2 before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.

This issue does not affect versions before 20.2R1.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2025-21591

Publication date:
09/04/2025
A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.

Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.

This issue affects Junos OS:
* from 23.1 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.

This issue isn't applicable to any versions of Junos OS before 23.1R1.

This issue doesn't affect vSRX Series which doesn't support DHCP Snooping.

This issue doesn't affect Junos OS Evolved.

There are no indicators of compromise for this issue.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026