CVE-2025-30651 Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash
A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an attacker sends a specific ICMPv6 packet to an interface with...
CVE-2025-21601 Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC)) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine...
Juniper Junos OS Vulnerability (JSA96459)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96459 advisory. - An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480, and MX960 devices with MX-SPC3 Security Service...
Juniper Junos OS Vulnerability (JSA96467)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96467 advisory. - An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based...
CVE-2024-10206
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs...
CVE-2024-10207
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs...
CVE-2024-10210
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...
CVE-2024-10210 Path traversal in APROL Web Portal
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...
CVE-2024-10206
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs...
CVE-2024-45480
CVE-2024-45480 concerns B&R APROL’s AprolCreateReport component (versions before 4.4-00P5). The flaw is described as improper control of code generation, enabling an unauthenticated, network-based attacker to read local system files (code injection-related exposure) with high impact on confidenti...
CVE-2024-10208 Cross Site Scripting vulnerability in APROL Web Portal
An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session...
CVE-2025-21598
CVE-2025-21598 is an out-of-bounds read vulnerability in Junos OS and Junos OS Evolved -rpd (routing protocol daemon). An unauthenticated, network-based attacker can send malformed BGP packets to a device with BGP trace options enabled, crashing rpd. Affected ranges include multiple Junos OS and ...
CVE-2025-21599
CVE-2025-21599 affects Juniper Networks Junos OS Evolved. The vulnerability is in the Juniper Tunnel Driver (jtd) where a memory misreference occurs after handling certain malformed IPv6 packets, causing kernel memory not to be freed and leading to memory exhaustion and a Denial of Service. Affec...
CVE-2024-10490
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an...
CVE-2024-47489
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network-based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to...
CVE-2024-39547
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If special...
CVE-2024-47506 Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result i...
CVE-2024-47504 Junos OS: SRX5000 Series: Receipt of a specific malformed packet will cause a flowd crash
An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a non-clustered SRX5000 device receives a specifically malformed...
CVE-2024-47497 Junos OS: SRX Series, QFX Series, MX Series and EX Series: Receiving specific HTTPS traffic causes resource exhaustion
An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to...
CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network-based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to...