Tal Beery

**Name of the Vulnerable Software and Affected Versions** Juniper Networks Junos Space versions prior to 24.1R5 **Description** The TLS/SSL server in Juniper Networks Junos Space allows the use of static key ciphers, which reduces the confidentiality of on-path traffic. These ciphers do not support Perfect Forward Secrecy (PFS), impacting the long-term confidentiality of encrypted communications. **Recommendations** Update to Junos Space version 24.1R5 or later.

**Name of the Vulnerable Software and Affected Versions** Windows versions prior to the fixed version Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** An information disclosure issue exists due to the Windows bowser.sys kernel-mode driver's failure to properly handle objects in memory. This could allow an attacker to access the contents of system memory, potentially obtaining sensitive information and affecting the system. **Recommendations** For Windows 7, update to a newer version that contains a fix for this issue. For Windows Server 2012 R2, update to a newer version that contains a fix for this issue. For Windows RT 8.1, update to a newer version that contains a fix for this issue. For Windows Server 2008, update to a newer version that contains a fix for this issue. For Windows Server 2012, update to a newer version that contains a fix for this issue. For Windows 8.1, update to a newer version that contains a fix for this issue. For Windows Server 2016, update to a newer version that contains a fix for this issue. For Windows Server 2008 R2, update to a newer version that contains a fix for this issue. For Windows 10, update to a newer version that contains a fix for this issue. For Windows 10 Servers, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the bowser.sys kernel-mode driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows 10 **Description** The issue is related to an elevation of privilege vulnerability in Microsoft Cortana, which allows arbitrary website browsing on the lockscreen. This is due to insufficient access restrictions in the virtual voice assistant Cortana in Windows operating systems. The exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** For Windows Server 2016 and Windows 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 10 (affected versions not specified) Windows 10 Servers (affected versions not specified) **Description** An Elevation of Privilege issue exists due to Cortana retrieving data from user input services without considering status. This allows attackers to affect the system. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For Windows 10 and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Continuum versions 1.1 through 1.2.3.1 Apache Continuum version 1.3.6 Apache Continuum version 1.4.0 Beta Archiva versions 1.0 through 1.3.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table. **Recommendations** For Apache Continuum versions 1.1 through 1.2.3.1, update to a version outside of this range to resolve the issue. For Apache Continuum version 1.3.6, update to a version outside of this range to resolve the issue. For Apache Continuum version 1.4.0 Beta, update to a version outside of this range to resolve the issue. For Archiva versions 1.0 through 1.3.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the extremecomponents table to minimize the risk of exploitation.