Vulnerabilities

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.<br /> <br /> This issue affects Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 21.4R3-S8-EVO, <br /> * 22.2-EVO before 22.2R3-S4-EVO, <br /> * 22.3-EVO before 22.3R3-S4-EVO, <br /> * 22.4-EVO before 22.4R3-S3-EVO, <br /> * 23.2-EVO before 23.2R2-S1-EVO, <br /> * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system.<br /> <br /> Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.<br /> <br /> This issue affects Junos OS on SRX Series: <br /> <br /> <br /> <br /> * All versions before 21.4R3-S8, <br /> * 22.2 before 22.2R3-S5, <br /> * 22.3 before 22.3R3-S4, <br /> * 22.4 before 22.4R3-S4, <br /> * 23.2 before 23.2R2-S2, <br /> * 23.4 before 23.4R2.

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).  Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue only occurs if DHCP snooping is enabled. See configuration below.<br /> <br /> This issue can be detected using following commands. Their output will display the interface status going down:<br /> <br /> <br /> user@device&gt;show interfaces <br /> user@device&gt;show log messages | match <br /> user@device&gt;show log messages ==&gt; will display the "[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no," logs.<br /> <br /> This issue affects:<br /> Junos OS on <br /> <br /> MX Series <br /> <br /> with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: <br /> <br /> <br /> * All versions before 21.2R3-S7, <br /> * from 21.4 before 21.4R3-S6, <br /> * from 22.2 before 22.2R3-S3, <br /> * all versions of 22.3,<br /> * from 22.4 before 22.4R3, <br /> * from 23.2 before 23.2R2; <br /> <br /> <br /> <br /> Junos OS Evolved on PTX Series: <br /> * from 19.3R1-EVO before 21.2R3-S8-EVO,<br /> <br /> * from 21.4-EVO before 21.4R3-S7-EVO, <br /> * from 22.1-EVO before 22.1R3-S6-EVO, <br /> * from 22.2-EVO before 22.2R3-S5-EVO, <br /> * from 22.3-EVO before 22.3R3-S3-EVO, <br /> * from 22.4-EVO before 22.4R3-S1-EVO, <br /> * from 23.2-EVO before 23.2R2-S2-EVO, <br /> * from 23.4-EVO before 23.4R2-EVO.<br /> <br /> <br /> <br /> Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:<br /> <br /> <br /> <br /> <br /> <br />  Product <br /> <br /> <br /> <br /> <br /> <br /> Affected Versions <br /> <br /> <br /> <br /> <br /> <br /> LoadMaster <br /> <br /> <br /> <br /> <br /> <br /> From 7.2.55.0 to 7.2.60.1 (inclusive) <br /> <br /> <br /> <br /> <br /> <br />   <br /> <br /> <br /> <br /> <br /> <br /> From 7.2.49.0 to 7.2.54.12 (inclusive) <br /> <br /> <br /> <br /> <br /> <br />   <br /> <br /> <br /> <br /> <br /> <br /> 7.2.48.12 and all prior versions <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> Multi-Tenant Hypervisor <br /> <br /> <br /> <br /> <br /> <br /> 7.1.35.12 and all prior versions <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> ECS<br /> <br /> <br /> <br /> <br /> <br /> All prior versions to 7.2.60.1 (inclusive)

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue.

DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfiguration class don&amp;#39;t filter any parameters, directly concat user input. So, if the attacker adds some parameters in JDBC url, and connect to evil PG server, the attacker can trigger the PG jdbc deserialization vulnerability, and eventually the attacker can execute through the deserialization vulnerability system commands and obtain server privileges. The vulnerability has been fixed in v1.18.25.