770 matches found
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2020-1631
CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...
CVE-2022-22215
CVE-2022-22215 describes a Denial of Service in Junos OS and Junos OS Evolved due to a missing release of file descriptors/handles after a gRPC connection ends. The root cause is that /var/run/.env files may not be deleted when a gRPC session terminates, potentially exhausting inodes. Affected pr...
CVE-2020-7656
CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...
CVE-2021-25220
CVE-2021-25220 affects ISC BIND where cache poisoning can occur when using DNS forwarders, allowing forged NS records to be cached and cause queries to reach the wrong servers or return false information. The Initial CVE data covers BIND versions from 9.11.x (including 9.11.0–9.11.36) and 9.12.x ...
CVE-2016-7103
CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).
CVE-2004-0230
Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.
CVE-2020-10188
CVE-2020-10188 affects the telnetd server of netkit telnet (up to 0.17). The issue is a buffer overflow caused by incorrect bounds checks in handling short writes and urgent data (netclear/nextitem), enabling remote arbitrary code execution by unauthenticated attackers. Connected advisories confi...
CVE-2017-3145
CVE-2017-3145 affects BIND: the resolver incorrectly sequenced cleanup operations on upstream recursion fetch contexts, causing a use-after-free that can trigger an assertion failure and crash named. Affected versions include BIND 9.0.0 through 9.8.x, 9.9.0–9.9.11, 9.10.0–9.10.6, 9.11.0–9.11.2, 9...
CVE-2016-1286
CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...
CVE-2023-36844
CVE-2023-36844 affects Juniper Junos OS on EX Series (J-Web) and enables an unauthenticated, network-based attacker to modify PHP environment variables, potentially causing partial integrity loss and enabling vulnerability chaining. Affected versions include multiple 20.4R3-S9 through 23.2R2 line...
CVE-2016-1285
CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...
CVE-2023-36845
CVE-2023-36845 affects Juniper Junos OS J-Web on EX Series and SRX Series. Root cause: PHP external variable modification via PHPRC allows unauthenticated, network-based Remote Code Execution. Affected versions include pre-20.4R3-S9 and multiple 21.x, 22.x, 23.2 branches with various subversions;...
CVE-2023-36851
CVE-2023-36851 affects Juniper Junos OS on SRX Series with a Missing Authentication for Critical Function flaw in J-Web. A unauthenticated, network-based attacker can upload/download arbitrary files via the web interface (webauth_operation.php), potentially compromising file-system integrity or c...
CVE-2023-36846
CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...
CVE-2023-36847
CVE-2023-36847 affects Juniper Networks Junos OS on EX Series. It is a pre-authentication missing-authentication-for-critical-function vulnerability in J-Web that allows an unauthenticated, network-based attacker to upload arbitrary files, causing limited integrity loss in parts of the file syste...
CVE-2025-21590
CVE-2025-21590 – Junos OS kernel vulnerability : An improper isolation/compartmentalization flaw in the Junos OS kernel allows a local attacker with shell access and high privileges to inject arbitrary code and compromise device integrity (not exploitable from the Junos CLI). Affected are Junos O...
CVE-2017-2345
Technical details for CVE-2017-2345 are not publicly available in the provided connected documents. Monitor for updates; the supplied materials do not specify affected Junos releases beyond the initial description.
CVE-2019-0044
CVE-2019-0044 affects Juniper SRX5000 series running Junos OS: 12.1X46 before 12.1X46-D82; 12.3X48 before 12.3X48-D80; 15.1X49 before 15.1X49-D160. Root cause is a kernel crash (vmcore) triggered by processing a crafted packet on the fxp0 out-of-band management interface, leading to DoS via repea...
CVE-2019-0053
The CVE-2019-0053 entry concerns the inetutils Telnet client in Junos OS, where environment-variable handling is insufficiently validated, causing a stack-based buffer overflow. This vulnerability is local to the Telnet client used from the CLI or shell, with inbound Telnet services unaffected. A...
CVE-2019-0052
The CVE-2019-0052 issue affects Juniper Networks Junos OS on SRX Series gateways, where the srxpfe process crashes when the UTM/JSF module processes a specific fragmented HTTP packet. The packet is misinterpreted as a normal TCP packet, causing a processor crash. Affected releases cover multiple ...
CVE-2015-5361
CVE-2015-5361 describes a Juniper Junos OS issue where, if the FTP ALG ftps-extensions option is used (and not disabled by default), the encrypted control channel prevents port-specific inspection and the device may open a wide data channel (gate) from the client IP to the server IP across all de...
CVE-2019-0049
The CVE-2019-0049 issue affects Junos OS devices where BGP graceful restart helper mode or the BGP graceful restart mechanism is enabled. A specific sequence of BGP session restarts with a peer that has graceful restart enabled can cause the local RPD process to crash and restart, potentially lea...
CVE-2015-3006
CVE-2015-3006 applies to Juniper Junos OS on QFX3500 and QFX3600 switches. The described vulnerability is an entropy issue: during boot the device collects too few bytes from the RANDOM_INTERRUPT entropy source, which can lead to weak or duplicate SSH keys and self-signed SSL/TLS certificates. En...
CVE-2022-22249
The CVE-2022-22249 issue affects Juniper Networks Junos OS on MX Series, specifically in the Packet Forwarding Engine (PFE). A continuous MAC move can trigger a memory corruption that causes one or more FPCs to crash and reboot, leading to a Denial of Service. Affected versions include all before...
CVE-2023-36839
The CVE-2023-36839 issue affects Juniper Networks Junos OS and Junos OS Evolved. Affected component: Layer-2 control protocols daemon (l2cpd). Root cause: Improper validation of specified quantity in input, triggered by specific LLDP packets from an unauthenticated adjacent attacker, leading to a...
CVE-2023-36843
The CVE-2023-36843 issue affects Junos OS with the jsf module, where receiving malformed SSL traffic can crash the Packet Forwarding Engine (PFE) and cause DoS. Impact is limited to devices with ATP Cloud and Encrypted Traffic Insights enabled. Affected versions include 20.4R3-S8/S9, 21.1R1+, 21....
CVE-2019-0046
Summary: CVE-2019-0046 affects Juniper Networks Junos OS on EX4300 Series, via the pfe-chassisd Chassis Manager (CMLC) daemon. The vulnerability allows an attacker to cause a Denial of Service by sending specific valid broadcast packets that trigger a broadcast storm on the me0 interface, requiri...
CVE-2020-1651
CVE-2020-1651 affects Juniper Networks Junos OS on MX Series routers. A memory leak caused by processing a specific stream of Layer 2 frames can crash the line-card PFE, leading to DoS traffic interruption. Impact observed in MX Series revisions including 17.2 (prior to 17.2R3-S4) and 17.2X75 (pr...
CVE-2024-21591
CVE-2024-21591 is an out-of-bounds write vulnerability in Juniper Networks Junos OS J-Web affecting SRX Series and EX Series. An unauthenticated, network-based attacker can cause a Denial of Service or Remote Code Execution and obtain root privileges on affected devices. The flaw stems from use o...
CVE-2024-21610
Summary (CVE-2024-21610) : A vulnerability in Juniper Networks Junos OS cosd (Class of Service daemon) on MX Series allows an authenticated, low-privileged attacker to cause a limited DoS by handling specific low-privileged commands (via NETCONF, SSH, or Telnet) on behalf of mgd; mgd processes ca...
CVE-2021-0291
CVE-2021-0291 affects Juniper Networks Junos OS and Junos OS Evolved. The vulnerability is an Exposure of System Data where a network-based, unauthenticated attacker can send traffic that partially reaches a sensitive system resource, potentially causing partial DoS through elevated CPU on the RE...
CVE-2023-44175
CVE-2023-44175 affects Junos OS and Junos OS Evolved. A Reachable Assertion in the routing protocol daemon (rpd) can be triggered by specific genuine PIM packets, causing rpd to crash and leading to a Denial of Service. The impact is a sustained DoS, with exploitation described as dependent on re...
CVE-2021-0211
CVE-2021-0211 describes an improper check in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) that allows an attacker to inject a valid BGP FlowSpec message, causing unexpected changes to route advertisements in the BGP FlowSpec domain and leading to a DoS condition. A...
CVE-2024-21614
Summary: CVE-2024-21614 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an improper check for unusual or exceptional conditions in the Routing Protocol Daemon (RPD). When NETCONF and gRPC are enabled and a specific Dynamic Rendering (DREND) query is executed, RPD crashes and ...
CVE-2023-4481
CVE-2023-4481 describes an improper input validation in Juniper’s Routing Protocol Daemon (rpd) for Junos OS and Junos OS Evolved. A remote, unauthenticated attacker can cause a DoS by sending crafted BGP UPDATE messages over an existing BGP session; the impact can be sustained as updates are pro...
CVE-2024-21598
CVE-2024-21598 affects Juniper Networks Junos OS and Junos OS Evolved, where the Routing Protocol Daemon (rpd) crashes and restarts when receiving a BGP update containing a malformed TLV in a tunnel encapsulation attribute. This is due to improper validation of syntactic correctness of input. Imp...
CVE-2020-1684
CVE-2020-1684 affects Juniper Networks Junos OS on SRX Series. The issue is triggered when application identification inspection is enabled and specific HTTP traffic is processed, causing high CPU load and potential traffic interruption. Affected versions include SRX Series: 12.3X48 prior to 12.3...
CVE-2021-0284
CVE-2021-0284 is a buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS that can cause a Denial of Service when an attacker sends specific sequences of packets destined to the device. The issue triggers only on traffic addressed to the device, not transit traffic, and is...
CVE-2021-0219
CVE-2021-0219 is a local command-injection vulnerability in Juniper Junos OS in the install package validation subsystem, exploitable when an administrator runs the CLI command 'request system software add validate-on-host' to validate packages. A locally authenticated attacker with CLI access ca...
CVE-2022-22188
The CVE-2022-22188 entry concerns a heap-based buffer overflow in Juniper Networks Junos OS PFE (packet forwarding engine). A network-based, unauthenticated attacker can flood the target device with traffic, causing a Denial of Service, with impact dependent on device configuration. Affected plat...
CVE-2022-22209
CVE-2022-22209 describes a memory-leak DoS in Juniper Junos OS kernel KRT handling, caused by interface flaps or route churn that can desynchronize RIB and FIB, leading to ENOMEM and inability to add new routes. Affected are Junos OS 21.2 before 21.2R3; 21.3 before 21.3R2-S1, 21.3R3; 21.4 before ...
CVE-2024-30378
This CVE describes a Use After Free in the MX Series bbe-smgd daemon of Junos OS during certain CLI commands, causing the broadband edge service manager to crash and restart (DoS). Affected software: Junos OS on MX Series with GRES and Subscriber Management enabled. Root cause: writing into an mg...
CVE-2024-39530
CVE-2024-39530 affects Juniper Networks Junos OS, specifically the chassis management daemon (chassisd). The vulnerability is an improper check for unusual or exceptional conditions that allows an unauthenticated, network-based attacker to trigger a DoS by causing chassisd to crash when accessing...
CVE-2019-0048
CVE-2019-0048 affects Juniper Networks Junos OS on the EX4300 Series. Root cause: with TCAM optimization enabled, an implicit loopback filter rule (high priority) meant for 224.0.0.x incorrectly matches 224.x.x.x, causing multicast firewall behavior to break when a filter is applied on the loopba...
CVE-2022-22198
The CVE-2022-22198 vulnerability affects Juniper Networks Junos OS on MX Series and SRX Series when SIP ALG is enabled. The root cause is an Access of Uninitialized Pointer in the SIP ALG, which can be exploited by unauthenticated network-based attackers to cause a Denial of Service. Per the docu...
CVE-2021-0206
CVE-2021-0206 is a NULL pointer dereference in Juniper Junos OS that can crash the Packet Forwarding Engine (PFE) on NFX/SRX platforms when SSL Proxy is enabled, causing a DoS. Exploitation requires sending specific packets over the network. Affected ranges include Junos OS on NFX/SRX: 18.3 befor...
CVE-2021-0210
CVE-2021-0210 affects Juniper Networks Junos OS and specifically the J-Web interface. The vulnerability is an information exposure flaw that enables an unauthenticated attacker to leverage an authenticated user session to elevate privileges. Affected versions include multiple release tracks acros...
CVE-2021-31382
CVE-2021-31382 describes a race condition in Juniper Junos OS on PTX1000 and PTX10002-60C systems that, after upgrading to an affected release, can cause misassignment of firewall filters to interfaces due to contention between chassisd and dfwd. This may result in interfaces having incorrect pro...
CVE-2024-30395
CVE-2024-30395 describes an improper validation of a BGP tunnel encapsulation attribute in Junos OS and Junos OS Evolved RPD, leading to an unauthenticated, network-based DoS. A BGP update containing a specifically malformed TLV can cause Routing Protocol Daemon (rpd) to crash and restart. Affect...