A vulnerability has been discovered in the Junos OS, which could allow for remote code execution. Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
Multiple vulnerabilities have been discovered in ConnectWise ScreenConnect, the most severe of which could allow for remote code execution. ConnectWise ScreenConnect is ConnectWise’s remote desktop and mobile support solutions to allow technicians to perform remote support, gain remote access and run remote meetings. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
High CVE-2024-1669: Out of bounds memory access in Blink
High CVE-2024-1670: Use after free in Mojo
Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
Medium CVE-2024-1673: Use after free in Accessibility
Medium CVE-2024-1674: Inappropriate implementation in Navigation
Medium CVE-2024-1675: Insufficient policy enforcement in Download
Low CVE-2024-1676: Inappropriate implementation in Navigation
