GHSA-CV23-Q6GH-XFRF WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Impact: A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...
Akamai SIRT Security Advisory: CVE-2023-26801 Exploited to Spread Mirai Botnet Malware
...
K42406850: F5 SIRT response to the Ukraine crisis
Security Advisory Description: Over the past few weeks, the world has watched as tensions have risen between Russia and Ukraine, and most recently, those tensions have escalated into a military conflict. F5 is deeply concerned for the safety of those in harm's way and the impact to everyone affect...
JSA10497 - 2012-09: Security, Access, and Acceleration: Security Advisories Released
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...
Input validation
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message...
REvil Resurgence? Or a Copycat?
Has REvil returned? In this new post by Akamai's SIRT, see a DDoS incident by a threat actor claiming to be REvil...
Ransom Demands Return: New DDoS Extortion Threats From Old Actors Targeting Finance and Retail
Update 08/24/2020: As mentioned below, the Akamai SIRT has been tracking attacks from the so-called Armada Collective and Fancy Bear actors, who are sending ransom letters to various industry verticals such as finance, travel, and e-commerce. In addition to the...
CVE-2018-0020
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to oth...
Design/Logic Flaw
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to oth...
CVE-2018-0020 Junos OS: rpd daemon cores due to malformed BGP UPDATE packet
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to oth...
CVE-2018-0015 AppFormix: Debug Shell Command Execution in AppFormix Agent
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...
CVE-2018-0015
CVE-2018-0015 affects Juniper AppFormix: the AppFormix Agent exposes a Python debug console on the host where the agent runs, allowing a user with unrestricted access to execute commands with root privileges. Affected releases include all versions up to 2.7.3, and 2.11 before 2.11.3, and 2.15 bef...
Attack of the Killer ROBOT
On Dec 12th, 2017, researchers Hanno Böck, Juraj Somorovsky and Craig Young published a paper detailing an attack they called the Return Of Bleichenbacher's Oracle Threat (ROBOT). This attack, as the name implies, is an extension of an attack published in 1998 that affects systems using certain...
Design/Logic Flaw
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on lin...
CVE-2016-4924
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...
CVE-2016-4925 JUNOSe: Line Card Reset: processor exception 0x68616c74 (halt) task: scheduler, upon receipt of crafted IPv6 packet
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on lin...
CVE-2016-4925
CVE-2016-4925 affects Juniper JUNOSe/J Series E Series routers with IPv6 licensed and enabled. Receipt of a specifically malformed IPv6 packet can trigger a processor exception 0x68616c74 (halt) in the scheduler, causing the line card to reboot. While the line card will recover, additional malfor...
CVE-2016-4923 Junos J-Web: Cross Site Scripting Vulnerability
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device...
CVE-2016-4924 vMX: Information leak vulnerability
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...