Archivos anuales: 2024

Path Traversal: '\..\filename' in aimhubio/aim

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.

While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.

Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.

An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted.

This issue affects both IPv4 and IPv6. 

Changes in memory usage can be monitored using the following CLI command:
user@device> show system memory node | grep evo-aftmann
This issue affects Junos OS Evolved: 

* All versions before 21.2R3-S8-EVO, 
* 21.3 versions before 21.3R3-S5-EVO, 
* 21.4 versions before 21.4R3-S5-EVO, 
* 22.1 versions before 22.1R3-S4-EVO, 
* 22.2 versions before 22.2R3-S4-EVO,
* 22.3 versions before 22.3R3-S3-EVO,
* 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO, 
* 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).

Memory can only be recovered by manually restarting rtlogd process. 
The memory usage can be monitored using the below command.

    user@host> show system processes extensive | match rtlog 

This issue affects Junos OS on MX Series with SPC3 line card: 

* from 21.2R3 before 21.2R3-S8, 
* from 21.4R2 before 21.4R3-S6, 
* from 22.1 before 22.1R3-S5, 
* from 22.2 before 22.2R3-S3, 
* from 22.3 before 22.3R3-S2, 
* from 22.4 before 22.4R3-S1, 
* from 23.2 before 23.2R2, 
* from 23.4 before 23.4R2.

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).

Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).

Memory utilization could be monitored by: 
user@host> show system memory or show system monitor memory status

This issue affects:

Junos OS:  * All versions before 21.2R3-S8, 
* from 21.4 before 21.4R3-S8,

* from 22.2 before 22.2R3-S4, 
* from 22.3 before 22.3R3-S3, 
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1, 
* from 23.4 before 23.4R1-S2, 23.4R2,
* from 24.2 before 24.2R2-EVO.

Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S3-EVO,

* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2, 23.4R2,
* from 24.2 before 24.2R2-EVO.

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). 

Continued receipt and processing of these specific packets will sustain the Denial of Service condition.

The memory usage can be monitored using the below command.

  user@host> show usp memory segment sha data objcache jsf 
This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: 

*  20.4 before 20.4R3-S10, 
*  21.2 before 21.2R3-S6, 
*  21.3 before 21.3R3-S5, 
*  21.4 before 21.4R3-S6, 
*  22.1 before 22.1R3-S4, 
*  22.2 before 22.2R3-S2, 
*  22.3 before 22.3R3-S1, 
*  22.4 before 22.4R3, 
*  23.2 before 23.2R2.

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.

This issue only happens when inline jflow is configured.

This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself. 

This issue affects Juniper Networks Junos OS Evolved: 
* 21.4 versions earlier than 21.4R3-S7-EVO; 
* 22.2 versions earlier than 22.2R3-S3-EVO;
* 22.3 versions earlier than 22.3R3-S2-EVO;
* 22.4 versions earlier than 22.4R3-EVO;
* 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.