28 matches found
EUVD-2002-1035
Malware in sbrugna...
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...
CVE-2021-0261
CVE-2021-0261 affects Juniper Junos OS J-Web and related HTTP/HTTPS services, allowing an unauthenticated attacker to cause an extended DoS by sending a high volume of specific requests. Affected versions include multiple Junos OS releases across EX and SRX lines (e.g., 12.3 before 12.3R12-S17; 1...
CVE-2020-1631
CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...
VulnCheck KEV: CVE-2020-1631
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform local file inclusion LFI or path traversal. Using this vulnerability...
Junos OS: Deleted dynamic VPN users are allowed to establish VPN connections until reboot (JSA10915)
According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability that allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. TRUSTED...
CVE-2019-0015
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted...
CVE-2019-0015
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted...
Authentication flaw
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted...
CVE-2019-0015
Summary: CVE-2019-0015 affects Junos OS on SRX Series (multiple releases) where a token caching error allows deleted dynamic VPN users to establish connections until a reboot. Affected versions: SRX 12.3X48 before 12.3X48-D75; 15.1X49 before 15.1X49-D150; 17.3 before 17.3R3; 17.4 before 17.4R2; 1...
CVE-2019-0015 Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted...
Juniper Networks Junos OS XSS Vulnerability in Dynamic VPN (JSA10677)
Junos OS is prone to a cross-site scripting XSS vulnerability in Dynamic VPN. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Juniper Junos SRX Series Dynamic VPN XSS (JSA10677)
According to its self-reported version number, the remote Juniper Junos SRX series device is affected by a cross-site scripting vulnerability due to a flaw in Dynamic VPN. A remote attacker can exploit this to view sensitive information or session credentials. Note that this issue only affects...
CVE-2015-3005
Cross-site scripting XSS vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
Cross site scripting
Cross-site scripting XSS vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
CVE-2015-3005
Cross-site scripting XSS vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
CVE-2015-3005
CVE-2015-3005 is a documented XSS vulnerability in Juniper Junos OS Dynamic VPN affecting SRX devices. The issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors in affected releases: Junos 12.1X44 prior to 12.1X44-D45, 12.1X46 prior to 12.1X46-D30, 12.1X47 prior to...
Juniper Networks Junos OS DoS Vulnerability (JSA10620)
Juniper Networks Junos OS is prone to a denial of service DoS vulnerability for new dynamic VPN connections. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2014-0612
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service new Dynamic...