Lucene search
K
JuniperJunos

782 matches found

CVE
CVE
added 2019/04/19 12:0 a.m.3093 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2020/05/04 9:25 a.m.1026 views

CVE-2020-1631

CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...

9.8CVSS9.7AI score0.04725EPSS
In wild
CVE
CVE
added 2020/05/19 12:0 a.m.915 views

CVE-2020-7656

CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...

6.1CVSS4.9AI score0.06273EPSS
CVE
CVE
added 2022/07/20 2:15 p.m.906 views

CVE-2022-22215

CVE-2022-22215 describes a Denial of Service in Junos OS and Junos OS Evolved due to a missing release of file descriptors/handles after a gRPC connection ends. The root cause is that /var/run/.env files may not be deleted when a gRPC session terminates, potentially exhausting inodes. Affected pr...

6.5CVSS5.8AI score0.00543EPSS
CVE
CVE
added 2022/03/23 12:50 p.m.877 views

CVE-2021-25220

CVE-2021-25220 affects ISC BIND where cache poisoning can occur when using DNS forwarders, allowing forged NS records to be cached and cause queries to reach the wrong servers or return false information. The Initial CVE data covers BIND versions from 9.11.x (including 9.11.0–9.11.36) and 9.12.x ...

6.8CVSS7AI score0.0325EPSS
CVE
CVE
added 2017/03/15 12:0 a.m.855 views

CVE-2016-7103

CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).

6.1CVSS6AI score0.2258EPSS
In wild
CVE
CVE
added 2004/05/05 4:0 a.m.815 views

CVE-2004-0230

Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.

5CVSS9.1AI score0.80855EPSS
CVE
CVE
added 2020/03/06 2:7 p.m.715 views

CVE-2020-10188

CVE-2020-10188 affects the telnetd server of netkit telnet (up to 0.17). The issue is a buffer overflow caused by incorrect bounds checks in handling short writes and urgent data (netclear/nextitem), enabling remote arbitrary code execution by unauthenticated attackers. Connected advisories confi...

10CVSS9.9AI score0.74513EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.617 views

CVE-2017-3145

CVE-2017-3145 affects BIND: the resolver incorrectly sequenced cleanup operations on upstream recursion fetch contexts, causing a use-after-free that can trigger an assertion failure and crash named. Affected versions include BIND 9.0.0 through 9.8.x, 9.9.0–9.9.11, 9.10.0–9.10.6, 9.11.0–9.11.2, 9...

7.5CVSS7.7AI score0.27725EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.554 views

CVE-2016-1286

CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...

8.6CVSS8.2AI score0.621EPSS
CVE
CVE
added 2023/08/17 7:17 p.m.490 views

CVE-2023-36844

CVE-2023-36844 affects Juniper Junos OS on EX Series (J-Web) and enables an unauthenticated, network-based attacker to modify PHP environment variables, potentially causing partial integrity loss and enabling vulnerability chaining. Affected versions include multiple 20.4R3-S9 through 23.2R2 line...

5.3CVSS7.1AI score0.89628EPSS
In wild
CVE
CVE
added 2016/03/09 11:0 p.m.454 views

CVE-2016-1285

CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...

6.8CVSS7.2AI score0.59143EPSS
CVE
CVE
added 2023/08/17 7:17 p.m.454 views

CVE-2023-36845

CVE-2023-36845 affects Juniper Junos OS J-Web on EX Series and SRX Series. Root cause: PHP external variable modification via PHPRC allows unauthenticated, network-based Remote Code Execution. Affected versions include pre-20.4R3-S9 and multiple 21.x, 22.x, 23.2 branches with various subversions;...

9.8CVSS7.7AI score0.93546EPSS
In wildWeb
CVE
CVE
added 2023/09/26 7:53 p.m.443 views

CVE-2023-36851

CVE-2023-36851 affects Juniper Junos OS on SRX Series with a Missing Authentication for Critical Function flaw in J-Web. A unauthenticated, network-based attacker can upload/download arbitrary files via the web interface (webauth_operation.php), potentially compromising file-system integrity or c...

5.3CVSS6.2AI score0.01091EPSS
In wild
CVE
CVE
added 2023/08/17 7:18 p.m.349 views

CVE-2023-36846

CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...

5.3CVSS6.2AI score0.94205EPSS
In wildWeb
CVE
CVE
added 2023/08/17 7:16 p.m.329 views

CVE-2023-36847

CVE-2023-36847 affects Juniper Networks Junos OS on EX Series. It is a pre-authentication missing-authentication-for-critical-function vulnerability in J-Web that allows an unauthenticated, network-based attacker to upload arbitrary files, causing limited integrity loss in parts of the file syste...

5.3CVSS6.2AI score0.84692EPSS
In wild
CVE
CVE
added 2025/03/12 1:59 p.m.252 views

CVE-2025-21590

CVE-2025-21590 – Junos OS kernel vulnerability : An improper isolation/compartmentalization flaw in the Junos OS kernel allows a local attacker with shell access and high privileges to inject arbitrary code and compromise device integrity (not exploitable from the Junos CLI). Affected are Junos O...

6.7CVSS4.9AI score0.01657EPSS
In wild
CVE
CVE
added 2017/07/14 2:0 p.m.220 views

CVE-2017-2345

Technical details for CVE-2017-2345 are not publicly available in the provided connected documents. Monitor for updates; the supplied materials do not specify affected Junos releases beyond the initial description.

9.8CVSS8.6AI score0.0363EPSS
In wild
CVE
CVE
added 2019/04/10 8:13 p.m.203 views

CVE-2019-0044

CVE-2019-0044 affects Juniper SRX5000 series running Junos OS: 12.1X46 before 12.1X46-D82; 12.3X48 before 12.3X48-D80; 15.1X49 before 15.1X49-D160. Root cause is a kernel crash (vmcore) triggered by processing a crafted packet on the fxp0 out-of-band management interface, leading to DoS via repea...

7.5CVSS7.5AI score0.01563EPSS
In wild
CVE
CVE
added 2019/07/11 7:40 p.m.179 views

CVE-2019-0053

The CVE-2019-0053 entry concerns the inetutils Telnet client in Junos OS, where environment-variable handling is insufficiently validated, causing a stack-based buffer overflow. This vulnerability is local to the Telnet client used from the CLI or shell, with inbound Telnet services unaffected. A...

7.8CVSS7.7AI score0.00587EPSS
CVE
CVE
added 2019/07/11 7:40 p.m.159 views

CVE-2019-0052

The CVE-2019-0052 issue affects Juniper Networks Junos OS on SRX Series gateways, where the srxpfe process crashes when the UTM/JSF module processes a specific fragmented HTTP packet. The packet is misinterpreted as a normal TCP packet, causing a processor crash. Affected releases cover multiple ...

7.8CVSS7.5AI score0.01841EPSS
CVE
CVE
added 2020/02/28 10:25 p.m.158 views

CVE-2015-5361

CVE-2015-5361 describes a Juniper Junos OS issue where, if the FTP ALG ftps-extensions option is used (and not disabled by default), the encrypted control channel prevents port-specific inspection and the device may open a wide data channel (gate) from the client IP to the server IP across all de...

6.5CVSS6.3AI score0.00465EPSS
Web
CVE
CVE
added 2019/07/11 7:40 p.m.136 views

CVE-2019-0049

The CVE-2019-0049 issue affects Junos OS devices where BGP graceful restart helper mode or the BGP graceful restart mechanism is enabled. A specific sequence of BGP session restarts with a peer that has graceful restart enabled can cause the local RPD process to crash and restart, potentially lea...

7.5CVSS7.6AI score0.01539EPSS
CVE
CVE
added 2020/02/28 10:26 p.m.135 views

CVE-2015-3006

CVE-2015-3006 applies to Juniper Junos OS on QFX3500 and QFX3600 switches. The described vulnerability is an entropy issue: during boot the device collects too few bytes from the RANDOM_INTERRUPT entropy source, which can lead to weak or duplicate SSH keys and self-signed SSL/TLS certificates. En...

6.8CVSS6.6AI score0.00771EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.129 views

CVE-2022-22249

The CVE-2022-22249 issue affects Juniper Networks Junos OS on MX Series, specifically in the Packet Forwarding Engine (PFE). A continuous MAC move can trigger a memory corruption that causes one or more FPCs to crash and reboot, leading to a Denial of Service. Affected versions include all before...

6.5CVSS6.6AI score0.0045EPSS
CVE
CVE
added 2023/10/12 10:58 p.m.125 views

CVE-2023-36843

The CVE-2023-36843 issue affects Junos OS with the jsf module, where receiving malformed SSL traffic can crash the Packet Forwarding Engine (PFE) and cause DoS. Impact is limited to devices with ATP Cloud and Encrypted Traffic Insights enabled. Affected versions include 20.4R3-S8/S9, 21.1R1+, 21....

7.5CVSS7.6AI score0.00547EPSS
CVE
CVE
added 2023/10/12 10:56 p.m.124 views

CVE-2023-36839

The CVE-2023-36839 issue affects Juniper Networks Junos OS and Junos OS Evolved. Affected component: Layer-2 control protocols daemon (l2cpd). Root cause: Improper validation of specified quantity in input, triggered by specific LLDP packets from an unauthenticated adjacent attacker, leading to a...

6.5CVSS6.5AI score0.0027EPSS
CVE
CVE
added 2019/07/11 7:40 p.m.121 views

CVE-2019-0046

Summary: CVE-2019-0046 affects Juniper Networks Junos OS on EX4300 Series, via the pfe-chassisd Chassis Manager (CMLC) daemon. The vulnerability allows an attacker to cause a Denial of Service by sending specific valid broadcast packets that trigger a broadcast storm on the me0 interface, requiri...

6.5CVSS6.4AI score0.00665EPSS
CVE
CVE
added 2020/07/17 6:40 p.m.121 views

CVE-2020-1651

CVE-2020-1651 affects Juniper Networks Junos OS on MX Series routers. A memory leak caused by processing a specific stream of Layer 2 frames can crash the line-card PFE, leading to DoS traffic interruption. Impact observed in MX Series revisions including 17.2 (prior to 17.2R3-S4) and 17.2X75 (pr...

6.5CVSS6.4AI score0.00454EPSS
CVE
CVE
added 2024/01/12 12:52 a.m.121 views

CVE-2024-21591

CVE-2024-21591 is an out-of-bounds write vulnerability in Juniper Networks Junos OS J-Web affecting SRX Series and EX Series. An unauthenticated, network-based attacker can cause a Denial of Service or Remote Code Execution and obtain root privileges on affected devices. The flaw stems from use o...

9.8CVSS9.7AI score0.17668EPSS
CVE
CVE
added 2024/04/12 2:55 p.m.119 views

CVE-2024-21610

Summary (CVE-2024-21610) : A vulnerability in Juniper Networks Junos OS cosd (Class of Service daemon) on MX Series allows an authenticated, low-privileged attacker to cause a limited DoS by handling specific low-privileged commands (via NETCONF, SSH, or Telnet) on behalf of mgd; mgd processes ca...

5.3CVSS4.5AI score0.00478EPSS
CVE
CVE
added 2021/07/15 8:1 p.m.111 views

CVE-2021-0291

CVE-2021-0291 affects Juniper Networks Junos OS and Junos OS Evolved. The vulnerability is an Exposure of System Data where a network-based, unauthenticated attacker can send traffic that partially reaches a sensitive system resource, potentially causing partial DoS through elevated CPU on the RE...

6.5CVSS6.2AI score0.01008EPSS
CVE
CVE
added 2023/10/12 10:59 p.m.111 views

CVE-2023-44175

CVE-2023-44175 affects Junos OS and Junos OS Evolved. A Reachable Assertion in the routing protocol daemon (rpd) can be triggered by specific genuine PIM packets, causing rpd to crash and leading to a Denial of Service. The impact is a sustained DoS, with exploitation described as dependent on re...

7.5CVSS6.8AI score0.00515EPSS
CVE
CVE
added 2023/08/31 11:46 p.m.110 views

CVE-2023-4481

CVE-2023-4481 describes an improper input validation in Juniper’s Routing Protocol Daemon (rpd) for Junos OS and Junos OS Evolved. A remote, unauthenticated attacker can cause a DoS by sending crafted BGP UPDATE messages over an existing BGP session; the impact can be sustained as updates are pro...

7.5CVSS7.5AI score0.15143EPSS
CVE
CVE
added 2021/01/15 5:35 p.m.108 views

CVE-2021-0211

CVE-2021-0211 describes an improper check in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) that allows an attacker to inject a valid BGP FlowSpec message, causing unexpected changes to route advertisements in the BGP FlowSpec domain and leading to a DoS condition. A...

10CVSS9.4AI score0.01317EPSS
CVE
CVE
added 2024/04/16 8:3 p.m.108 views

CVE-2024-30378

This CVE describes a Use After Free in the MX Series bbe-smgd daemon of Junos OS during certain CLI commands, causing the broadband edge service manager to crash and restart (DoS). Affected software: Junos OS on MX Series with GRES and Subscriber Management enabled. Root cause: writing into an mg...

6.9CVSS7AI score0.00179EPSS
CVE
CVE
added 2024/01/12 12:56 a.m.107 views

CVE-2024-21614

Summary: CVE-2024-21614 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an improper check for unusual or exceptional conditions in the Routing Protocol Daemon (RPD). When NETCONF and gRPC are enabled and a specific Dynamic Rendering (DREND) query is executed, RPD crashes and ...

7.5CVSS7.6AI score0.00695EPSS
CVE
CVE
added 2024/04/12 3:23 p.m.106 views

CVE-2024-30386

CVE-2024-30386 is a Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved. In EVPN-VXLAN deployments, state updates processed by adjacent systems may flow in an unsafe order, causing l2ald to crash and restart, leading to a D...

7.1CVSS6.7AI score0.00267EPSS
CVE
CVE
added 2020/10/16 8:31 p.m.105 views

CVE-2020-1684

CVE-2020-1684 affects Juniper Networks Junos OS on SRX Series. The issue is triggered when application identification inspection is enabled and specific HTTP traffic is processed, causing high CPU load and potential traffic interruption. Affected versions include SRX Series: 12.3X48 prior to 12.3...

7.5CVSS7.5AI score0.0106EPSS
CVE
CVE
added 2021/01/15 5:35 p.m.105 views

CVE-2021-0206

CVE-2021-0206 is a NULL pointer dereference in Juniper Junos OS that can crash the Packet Forwarding Engine (PFE) on NFX/SRX platforms when SSL Proxy is enabled, causing a DoS. Exploitation requires sending specific packets over the network. Affected ranges include Junos OS on NFX/SRX: 18.3 befor...

7.5CVSS7.5AI score0.0131EPSS
CVE
CVE
added 2024/04/12 2:54 p.m.105 views

CVE-2024-21598

CVE-2024-21598 affects Juniper Networks Junos OS and Junos OS Evolved, where the Routing Protocol Daemon (rpd) crashes and restarts when receiving a BGP update containing a malformed TLV in a tunnel encapsulation attribute. This is due to improper validation of syntactic correctness of input. Imp...

8.7CVSS6.8AI score0.00571EPSS
CVE
CVE
added 2021/08/17 10:50 p.m.104 views

CVE-2021-0284

CVE-2021-0284 is a buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS that can cause a Denial of Service when an attacker sends specific sequences of packets destined to the device. The issue triggers only on traffic addressed to the device, not transit traffic, and is...

7.8CVSS7.5AI score0.00993EPSS
CVE
CVE
added 2024/04/12 2:54 p.m.104 views

CVE-2024-21593

CVE-2024-21593 affects Juniper Networks Junos OS/Junos OS Evolved on MX Series with MPC10/11, LC9600, and MX304. The vulnerability is an Improper Check or Handling of Exceptional Conditions in the Packet Forwarding Engine (PFE) that allows an unauthenticated, adjacent attacker to cause a Denial o...

7.1CVSS6.8AI score0.00295EPSS
CVE
CVE
added 2022/04/14 3:50 p.m.103 views

CVE-2022-22188

The CVE-2022-22188 entry concerns a heap-based buffer overflow in Juniper Networks Junos OS PFE (packet forwarding engine). A network-based, unauthenticated attacker can flood the target device with traffic, causing a Denial of Service, with impact dependent on device configuration. Affected plat...

7.5CVSS7.5AI score0.0148EPSS
CVE
CVE
added 2022/07/20 2:14 p.m.103 views

CVE-2022-22209

CVE-2022-22209 describes a memory-leak DoS in Juniper Junos OS kernel KRT handling, caused by interface flaps or route churn that can desynchronize RIB and FIB, leading to ENOMEM and inability to add new routes. Affected are Junos OS 21.2 before 21.2R3; 21.3 before 21.3R2-S1, 21.3R3; 21.4 before ...

7.5CVSS7.5AI score0.00873EPSS
CVE
CVE
added 2024/07/11 4:4 p.m.103 views

CVE-2024-39530

CVE-2024-39530 affects Juniper Networks Junos OS, specifically the chassis management daemon (chassisd). The vulnerability is an improper check for unusual or exceptional conditions that allows an unauthenticated, network-based attacker to trigger a DoS by causing chassisd to crash when accessing...

8.7CVSS7.6AI score0.00476EPSS
CVE
CVE
added 2019/07/11 7:40 p.m.102 views

CVE-2019-0048

CVE-2019-0048 affects Juniper Networks Junos OS on the EX4300 Series. Root cause: with TCAM optimization enabled, an implicit loopback filter rule (high priority) meant for 224.0.0.x incorrectly matches 224.x.x.x, causing multicast firewall behavior to break when a filter is applied on the loopba...

5.8CVSS5.7AI score0.00966EPSS
CVE
CVE
added 2021/01/15 5:36 p.m.102 views

CVE-2021-0219

CVE-2021-0219 is a local command-injection vulnerability in Juniper Junos OS in the install package validation subsystem, exploitable when an administrator runs the CLI command 'request system software add validate-on-host' to validate packages. A locally authenticated attacker with CLI access ca...

7.2CVSS6.7AI score0.00704EPSS
CVE
CVE
added 2022/04/14 3:51 p.m.102 views

CVE-2022-22198

The CVE-2022-22198 vulnerability affects Juniper Networks Junos OS on MX Series and SRX Series when SIP ALG is enabled. The root cause is an Access of Uninitialized Pointer in the SIP ALG, which can be exploited by unauthenticated network-based attackers to cause a Denial of Service. Per the docu...

7.5CVSS7.5AI score0.00884EPSS
CVE
CVE
added 2024/04/12 3:27 p.m.102 views

CVE-2024-30402

Summary of CVE-2024-30402 (Juniper Junos OS / Junos OS Evolved): The vulnerability stems from an improper check for unusual or exceptional conditions in the Layer 2 Address Learning Daemon (l2ald). When telemetry requests are received and the Dynamic Rendering Daemon (drend) is suspended, l2ald c...

8.2CVSS6.8AI score0.00522EPSS
Total number of security vulnerabilities782