Lucene search
K

4699 matches found

NCSC
NCSC
added yesterday14 views

Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved

Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...

9.8CVSS7.1AI score0.02497EPSS
Exploits0References22
Nuclei
Nuclei
added yesterday100 views

Juniper Web Device Manager - Cross-Site Scripting

Juniper Web Device Manager J-Web in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal...

6.1CVSS6.4AI score0.02468EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42716

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...

7.3CVSS5.9AI score0.00301EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42711

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...

8.7CVSS6AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42703

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...

6.8CVSS6AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-57028

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...

7.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-33803

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-21901

A NULL Pointer Dereference vulnerability in the management daemon mgd of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service DoS. A local high-privileged user configuri...

6.7CVSS0.00166EPSS
Exploits0References2
NVD
NVD
added 5 days ago12 views

CVE-2026-33799

An Out-of-bounds Write vulnerability in the SNMP daemon snmpd of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd proces...

5.3CVSS0.0036EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-33794

An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit evo-aftmand of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to cras...

8.2CVSS0.00405EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57054 Junos OS: MX Series: Web filtering doesn't block specifically formatted URLs

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...

6.9CVSS0.00347EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-57054

CVE-2026-57054 describes a Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series. The issue allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreacha...

6.9CVSS6AI score0.00347EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago16 views

CVE-2026-57032

CVE-2026-57032 describes an improper handling of undefined parameters in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices. When attempting to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100, and EX4400 via gRPC, the Front Pan...

7.1CVSS5.9AI score0.00411EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago59 views

CVE-2026-57031

Summary of CVE-2026-57031 (Junos OS MX Series): A vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series devices allows adjacent subscribers configured on static interfaces to bypass ingress firewall filters, disabling both protocol-level and upstream bandwi...

5.3CVSS6AI score0.00238EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-57030

CVE-2026-57030 describes a race condition in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series. The vulnerability occurs during flow timeout handling in stateful traffic processing: a race when setting a flow’s timeout can cause the value to be set to an abnormally hig...

8.2CVSS6AI score0.00381EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago14 views

CVE-2026-57029

CVE-2026-57029 describes a missing synchronization vulnerability in the flow collector handler of Junos OS Evolved on QFX Series. When the reachability of an sFlow collector changes, updating the next-hop entry can race with the sFlow thread accessing the same data, causing the evo-pfemand proces...

6CVSS6AI score0.0019EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-57029

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57028 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...

7.3CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57028

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...

7.3CVSS5.9AI score0.00301EPSS
Exploits0References2
Rows per page
Query Builder