Vulnerabilidades

*** Pendiente de traducción *** A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS).<br /> <br /> On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS<br /> 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9;<br /> 20.1 version 20.1R2 and later versions;<br /> 20.2 versions prior to 20.2R3-S7;<br /> 20.3 versions prior to 20.3R3-S5;<br /> 20.4 versions prior to 20.4R3-S6;<br /> 21.1 versions prior to 21.1R3-S4;<br /> 21.2 versions prior to 21.2R3-S2;<br /> 21.3 versions prior to 21.3R3-S1;<br /> 21.4 versions prior to 21.4R3;<br /> 22.1 versions prior to 22.1R1-S2, 22.1R2;<br /> 22.2 versions prior to 22.2R2.<br /> <br /> Juniper Networks Junos OS Evolved<br /> All versions prior to 20.4R3-S6-EVO;<br /> 21.1-EVO version 21.1R1-EVO and later versions;<br /> 21.2-EVO version 21.2R1-EVO and later versions;<br /> 21.3-EVO versions prior to 21.3R3-S1-EVO;<br /> 21.4-EVO versions prior to 21.4R3-EVO;<br /> 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;<br /> 22.2-EVO versions prior to 22.2R2-EVO.<br />

*** Pendiente de traducción *** A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).<br /> <br /> On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS<br /> All versions prior to 19.3R3-S10;<br /> 20.1 versions prior to 20.1R3-S4;<br /> 20.2 versions prior to 20.2R3-S6;<br /> 20.3 versions prior to 20.3R3-S6;<br /> 20.4 versions prior to 20.4R3-S5;<br /> 21.1 versions prior to 21.1R3-S4;<br /> 21.2 versions prior to 21.2R3-S3;<br /> 21.3 versions prior to 21.3R3-S2;<br /> 21.4 versions prior to 21.4R3;<br /> 22.1 versions prior to 22.1R3;<br /> 22.2 versions prior to 22.2R2;<br /> 22.3 versions prior to 22.3R2;<br /> <br /> Juniper Networks Junos OS Evolved<br /> All versions prior to 20.4R3-S7-EVO;<br /> 21.1 versions prior to 21.1R3-S3-EVO;<br /> 21.2 versions prior to 21.2R3-S5-EVO;<br /> 21.3 versions prior to 21.3R3-S4-EVO;<br /> 21.4 versions prior to 21.4R3-EVO;<br /> 22.1 versions prior to 22.1R3-EVO;<br /> 22.2 versions prior to 22.2R2-EVO;<br /> 22.3 versions prior to 22.3R2-EVO;<br />

*** Pendiente de traducción *** An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> versions prior to 19.1R3-S10 on MX Series;<br /> 19.2 versions prior to 19.2R3-S7 on MX Series;<br /> 19.3 versions prior to 19.3R3-S8 on MX Series;<br /> 19.4 versions prior to 19.4R3-S12 on MX Series;<br /> 20.1 version 20.1R1 and later versions on MX Series;<br /> 20.2 versions prior to 20.2R3-S8 on MX Series;<br /> 20.3 version 20.3R1 and later versions on MX Series;<br /> 20.4 versions prior to 20.4R3-S7 on MX Series;<br /> 21.1 versions prior to 21.1R3-S5 on MX Series;<br /> 21.2 versions prior to 21.2R3-S5 on MX Series;<br /> 21.3 versions prior to 21.3R3-S4 on MX Series;<br /> 21.4 versions prior to 21.4R3-S4 on MX Series;<br /> 22.1 versions prior to 22.1R3-S3 on MX Series;<br /> 22.2 versions prior to 22.2R3-S1 on MX Series;<br /> 22.3 versions prior to 22.3R3 on MX Series;<br /> 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.<br />

*** Pendiente de traducción *** An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS<br /> 21.4 versions prior to 21.4R3-S3;<br /> 22.1 versions prior to 22.1R3-S3;<br /> 22.2 versions prior to 22.2R2-S1, 22.2R3;<br /> 22.3 versions prior to 22.3R2.<br /> <br /> Juniper Networks Junos OS Evolved<br /> 21.4-EVO versions prior to 21.4R3-S2-EVO;<br /> 22.1-EVO versions prior to 22.1R3-S3-EVO;<br /> 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;<br /> 22.3-EVO versions prior to 22.3R2-EVO.<br />

*** Pendiente de traducción *** Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

*** Pendiente de traducción *** Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

*** Pendiente de traducción *** Microsoft Edge for iOS Spoofing Vulnerability

*** Pendiente de traducción *** An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

*** Pendiente de traducción *** An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.

*** Pendiente de traducción *** Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.

*** Pendiente de traducción *** An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

*** Pendiente de traducción *** Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.