Lucene search
K

127 matches found

CVE
CVE
added 2022/07/20 2:15 p.m.906 views

CVE-2022-22215

CVE-2022-22215 describes a Denial of Service in Junos OS and Junos OS Evolved due to a missing release of file descriptors/handles after a gRPC connection ends. The root cause is that /var/run/.env files may not be deleted when a gRPC session terminates, potentially exhausting inodes. Affected pr...

6.5CVSS5.8AI score0.00543EPSS
Web
CVE
CVE
added 2023/10/12 10:56 p.m.124 views

CVE-2023-36839

The CVE-2023-36839 issue affects Juniper Networks Junos OS and Junos OS Evolved. Affected component: Layer-2 control protocols daemon (l2cpd). Root cause: Improper validation of specified quantity in input, triggered by specific LLDP packets from an unauthenticated adjacent attacker, leading to a...

6.5CVSS6.5AI score0.0027EPSS
CVE
CVE
added 2023/08/31 11:46 p.m.109 views

CVE-2023-4481

CVE-2023-4481 describes an improper input validation in Juniper’s Routing Protocol Daemon (rpd) for Junos OS and Junos OS Evolved. A remote, unauthenticated attacker can cause a DoS by sending crafted BGP UPDATE messages over an existing BGP session; the impact can be sustained as updates are pro...

7.5CVSS7.5AI score0.15143EPSS
CVE
CVE
added 2024/04/12 3:27 p.m.102 views

CVE-2024-30402

Summary of CVE-2024-30402 (Juniper Junos OS / Junos OS Evolved): The vulnerability stems from an improper check for unusual or exceptional conditions in the Layer 2 Address Learning Daemon (l2ald). When telemetry requests are received and the Dynamic Rendering Daemon (drend) is suspended, l2ald c...

8.2CVSS6.8AI score0.00522EPSS
CVE
CVE
added 2024/04/12 3:23 p.m.101 views

CVE-2024-30386

CVE-2024-30386 is a Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved. In EVPN-VXLAN deployments, state updates processed by adjacent systems may flow in an unsafe order, causing l2ald to crash and restart, leading to a D...

7.1CVSS6.7AI score0.00267EPSS
CVE
CVE
added 2024/04/12 3:7 p.m.99 views

CVE-2024-30395

CVE-2024-30395 describes an improper validation of a BGP tunnel encapsulation attribute in Junos OS and Junos OS Evolved RPD, leading to an unauthenticated, network-based DoS. A BGP update containing a specifically malformed TLV can cause Routing Protocol Daemon (rpd) to crash and restart. Affect...

8.7CVSS6.8AI score0.00544EPSS
CVE
CVE
added 2023/10/12 11:0 p.m.96 views

CVE-2023-44176

CVE-2023-44176 is a stack-based buffer overflow in the CLI command processing of Juniper Networks Junos OS. The vulnerability allows a low-privileged attacker to execute specific CLI commands, triggering a Denial of Service with repeated actions potentially sustaining it. Affected Junos OS versio...

5.5CVSS5.8AI score0.00163EPSS
CVE
CVE
added 2024/10/11 3:18 p.m.93 views

CVE-2024-39534

CVE-2024-39534 affects Junos OS Evolved. An incorrect comparison in the local address verification API allows an unauthenticated, network-adjacent attacker to create sessions or send traffic using the subnet’s network and broadcast addresses, bypassing certain controls such as stateless firewall ...

5.4CVSS5.5AI score0.00639EPSS
CVE
CVE
added 2023/06/21 12:0 a.m.92 views

CVE-2023-0026

The CVE-2023-0026 issue is a DoS in Juniper Networks Junos OS and Junos OS Evolved caused by improper input validation in the Routing Protocol Daemon (rpd). A remote, unauthenticated attacker can tear down a BGP session by sending an established-session BGP update containing a specific optional t...

7.5CVSS7.4AI score0.00645EPSS
CVE
CVE
added 2024/04/12 2:55 p.m.91 views

CVE-2024-21615

CVE-2024-21615 concerns Juniper Networks Junos OS and Junos OS Evolved. The root cause is an Incorrect Default Privileges condition that, when NETCONF traceoptions are configured, can allow a local, low-privileged user to access confidential information after a super-user performs certain NETCONF...

5.1CVSS6.3AI score0.00152EPSS
CVE
CVE
added 2024/04/16 8:4 p.m.90 views

CVE-2024-30380

CVE-2024-30380 affects Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker can trigger a DoS by sending a specific TLV that crashes the l2cpd process, reinitializing STP/RSTP/MSTP/VSTP, MVRP and ERP. Affected versions are: Junos OS: before 20.4R3-S9; 21.2 before 21.2R3-S7; 21.3 b...

7.1CVSS6.8AI score0.00309EPSS
CVE
CVE
added 2022/04/14 3:50 p.m.89 views

CVE-2022-22196

CVE-2022-22196 affects Juniper Junos OS and Junos OS Evolved, in Routing Protocol Daemon (rpd). An adjacent, unauthenticated attacker with an ISIS adjacency can cause DoS by sending a malformed ISIS TLV, causing rpd CPU to spike to 100% and disrupt routing updates. Affected versions are: Junos OS...

6.5CVSS6.5AI score0.0037EPSS
CVE
CVE
added 2022/04/14 3:50 p.m.88 views

CVE-2022-22195

CVE-2022-22195 describes an Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved. An unauthenticated, network-based attacker can trigger a counter overflow, resulting in a Denial of Service (DoS). Affected: Junos OS Evolved — all versions before 20.4...

7.8CVSS7.4AI score0.01015EPSS
CVE
CVE
added 2022/04/14 3:50 p.m.87 views

CVE-2022-22194

CVE-2022-22194 affects Juniper Networks Junos OS Evolved PTX10003/10004/10008 due to an improper check for unusual or exceptional conditions in the packetIO daemon. An unauthenticated, network-based attacker can cause a sustained denial-of-service by sending crafted packets. Affected versions are...

7.5CVSS7.5AI score0.00965EPSS
CVE
CVE
added 2023/10/11 8:8 p.m.87 views

CVE-2023-44186

CVE-2023-44186 concerns Juniper Networks Junos OS and Junos OS Evolved. The issue is an Improper Handling of Exceptional Conditions in AS PATH processing that allows a BGP update with a very long AS PATH of 4-byte ASes to trigger a Denial of Service when NSR is enabled and advertising to a non-4-...

7.5CVSS7.4AI score0.00538EPSS
CVE
CVE
added 2022/04/14 3:50 p.m.84 views

CVE-2022-22197

The CVE describes an Operation on a Resource after Expiration or Release vulnerability in Juniper Networks Junos OS and Junos OS Evolved’s Routing Protocol Daemon (rpd). An unauthenticated attacker with an established BGP session can cause a Denial of Service when proxy-generate route-target filt...

7.5CVSS7.5AI score0.01072EPSS
CVE
CVE
added 2025/02/05 3:31 p.m.81 views

CVE-2024-39564

CVE-2024-39564 describes a double-free vulnerability in Juniper’s routing process daemon (rpd) for Junos OS and Junos OS Evolved. A malformed BGP Path attribute update can trigger a memory double-free in the rpd log path, causing the process to crash and resulting in a Denial of Service. Affected...

8.7CVSS6.8AI score0.00404EPSS
CVE
CVE
added 2025/04/09 7:56 p.m.81 views

CVE-2025-30651

CVE-2025-30651 affects Juniper Networks Junos OS and Junos OS Evolved. A Buffer Access with Incorrect Length Value in the routing protocol daemon (rpd) can be triggered by a specific ICMPv6 packet to an interface configured with protocol router-advertisement, causing rpd to crash and restart and ...

8.7CVSS7.6AI score0.00372EPSS
CVE
CVE
added 2024/07/11 4:30 p.m.79 views

CVE-2024-39552

CVE-2024-39552 affects Juniper Networks Junos OS and Junos OS Evolved: the RPD (routing protocol daemon) crashes when a malformed BGP UPDATE is received over an established BGP session, causing DoS. A network-based, unauthenticated attacker can trigger the crash via IPv4/IPv6 eBGP/iBGP traffic; i...

8.7CVSS7.6AI score0.00593EPSS
CVE
CVE
added 2022/01/19 12:21 a.m.76 views

CVE-2022-22169

CVE-2022-22169 affects Juniper Networks Junos OS and Junos OS Evolved. An improper initialization in the routing protocol daemon (rpd) can cause OSPFv3 to enter graceful-restart GR helper mode when a attacker sends crafted packets in specific order/timing, potentially causing a DoS via a stalled ...

5.9CVSS5.7AI score0.00827EPSS
CVE
CVE
added 2024/04/12 3:22 p.m.76 views

CVE-2024-30382

Juniper Networks Junos OS and Junos OS Evolved are affected by CVE-2024-30382 via an Improper Handling of Exceptional Conditions in the routing protocol daemon (rpd). A network-based, unauthenticated attacker can trigger a specific routing update when CB F (CoS-based forwarding) is configured wit...

8.7CVSS6.8AI score0.0071EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.75 views

CVE-2022-22220

The CVE-2022-22220 issue is a TOCTOU race condition in Juniper Junos OS/rpd that can crash the process when a BGP flow route with a redirect IP is received while the next-hop reachability is flapping, enabling a network-based DoS. Affected software includes Junos OS and Junos OS Evolved across li...

5.9CVSS5.7AI score0.00444EPSS
CVE
CVE
added 2024/04/12 3:24 p.m.74 views

CVE-2024-30390

CVE-2024-30390 affects Juniper Networks Junos OS Evolved. The vulnerability is an improper restriction of excessive authentication attempts: after a connection is blocked for exceeding connections-per-second, the system does not consider existing connections for subsequent attempts, allowing the ...

6.9CVSS6.8AI score0.0051EPSS
CVE
CVE
added 2025/04/09 7:57 p.m.74 views

CVE-2025-30653

CVE-2025-30653 describes an Expired Pointer Dereference in Juniper Networks Junos OS and Junos OS Evolved RPD (Routing Protocol Daemon). When an MPLS LSP is configured with node-link-protection and transport-class and an LSP flaps, rpd can crash and restart, causing a Denial of Service. Affected ...

6.5CVSS6.4AI score0.00219EPSS
CVE
CVE
added 2022/07/20 2:15 p.m.71 views

CVE-2022-22214

CVE-2022-22214 describes an improper input validation in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved. An adjacent attacker can trigger a specific transit IPv6 packet over MPLS that causes an FPC to crash and reboot, with continued receipt leading to a sust...

6.5CVSS6.3AI score0.0031EPSS
CVE
CVE
added 2024/10/09 8:0 p.m.71 views

CVE-2024-39515

CVE-2024-39515 affects Juniper Junos OS and Junos OS Evolved when BGP traceoptions are enabled. An unauthenticated network-based attacker can send a specifically malformed BGP packet to cause the routing protocol daemon (rpd) to crash and restart, producing a Denial of Service. Sustained processi...

8.7CVSS7.6AI score0.00438EPSS
CVE
CVE
added 2024/04/12 3:7 p.m.70 views

CVE-2024-30394

CVE-2024-30394 affects Junos OS and Junos OS Evolved. It is a Stack-based Buffer Overflow in the Routing Protocol Daemon (RPD) triggered when EVPN is configured and a specific EVPN type-5 route is learned via BGP, causing an unauthenticated network-based attacker to crash rpd and induce DoS. Affe...

8.7CVSS6.7AI score0.00664EPSS
CVE
CVE
added 2024/07/11 4:21 p.m.69 views

CVE-2024-39543

CVE-2024-39543 affects Juniper Networks Junos OS and Junos OS Evolved. The root cause is a buffer copy without input size validation in the routing protocol daemon (rpd), which allows an unauthenticated adjacent attacker to send crafted RPKI-RTR packets, crashing rpd and causing a DoS. Affected r...

7.1CVSS6.4AI score0.00332EPSS
CVE
CVE
added 2024/07/10 10:39 p.m.69 views

CVE-2024-39557

CVE-2024-39557 describes an Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS Evolved, caused by a memory leak in the Layer 2 Address Learning Daemon (l2ald) triggered by certain MAC table updates. This memory leak can exhaust system memory, causing a crash and DoS. Aff...

7.1CVSS6.6AI score0.00248EPSS
CVE
CVE
added 2025/04/09 7:50 p.m.69 views

CVE-2025-21597

CVE-2025-21597 covers an issue in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. When BGP rib-sharding and update-threading are configured, a remote, unauthenticated, logically adjacent BGP peer can cause rpd to crash and restart via a specific timing of peer...

6CVSS5.4AI score0.0022EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.68 views

CVE-2022-22211

Summary: CVE-2022-22211 affects Juniper Networks Junos OS Evolved on PTX Series. A DoS occurs when an unprivileged attacker continuously polls the SNMP jnxCosQstatTable, exhausting FPC GUID space and rendering FPC resources unreachable. The issue manifests via specific syslog messages (evo-aftman...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.68 views

CVE-2022-22225

TOCTOU race condition in Juniper Junos OS and Junos OS Evolved’s Routing Protocol Daemon (rpd) allows an unauthenticated attacker on an established BGP session to trigger a DoS by crashing rpd when a route in a BGP multipath flap scenario is a contributing route. Affected versions include Junos O...

5.9CVSS5.8AI score0.00444EPSS
CVE
CVE
added 2024/10/09 8:0 p.m.67 views

CVE-2024-39516

CVE-2024-39516 is an Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated network attacker can send a specially malformed BGP packet to cause rpd to crash and restart, producing a DoS. The issue affects iBGP/eB...

8.7CVSS7.6AI score0.00433EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.66 views

CVE-2023-22406

CVE-2023-22406 affects Juniper Networks Junos OS and Junos OS Evolved. It is a memory-leak/DoS issue in the kernel that manifests when a peer interface flaps in a Segment Routing scenario using OSPF, causing continuous memory growth in rpd and eventual rpd crash. Affected versions include Junos O...

6.5CVSS6.4AI score0.00309EPSS
CVE
CVE
added 2024/07/10 11:5 p.m.66 views

CVE-2024-39514

CVE-2024-39514 affects Junos OS and Junos OS Evolved. An attacker—adjacent, unauthenticated—can trigger a crash of the Routing Protocol Daemon (rpd) by sending specific traffic on devices with EVPN-VPWS and IGMP-snooping enabled, causing a DoS. Affected ranges are listed per release: Junos OS ver...

7.1CVSS6.6AI score0.00246EPSS
CVE
CVE
added 2024/07/10 10:40 p.m.66 views

CVE-2024-39558

CVE-2024-39558 affects Junos OS and Junos OS Evolved. An Unchecked Return Value in Routing Protocol Daemon (rpd) can be triggered by a specific PIM packet when MoFRR is configured, causing rpd to crash and reboot and leading to DoS. Impact is confirmed on multiple Junos OS/Junos OS Evolved versio...

7.1CVSS6.4AI score0.00259EPSS
CVE
CVE
added 2025/04/09 8:1 p.m.66 views

CVE-2025-30655

CVE-2025-30655 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is in the Routing Protocol Daemon (rpd) and causes a local, low-privileged attacker to trigger a Denial-of-Service by running the CLI command "show bgp neighbor" when BGP RIB sharding and update-threading are enabled...

6.8CVSS7AI score0.00129EPSS
CVE
CVE
added 2024/07/11 4:2 p.m.65 views

CVE-2024-39528

CVE-2024-39528 — AUse After Free in Juniper Junos OS/Junos OS Evolved Routing Protocol Daemon (rpd) causes a segmentation fault on a specific sequence (routing-instance deactivation + SNMP request), leading to rpd crash and DoS. Affected: Junos OS and Junos OS Evolved. Reported vulnerable version...

6CVSS5.5AI score0.00335EPSS
CVE
CVE
added 2023/10/12 11:0 p.m.64 views

CVE-2023-44177

CVE-2023-44177 affects Juniper Networks Junos OS and Junos OS Evolved. It is a stack-based buffer overflow in the CLI command processing that allows a low-privileged attacker to cause a Denial of Service by executing targeted CLI commands. Repeated actions can sustain DoS. Affected versions inclu...

5.5CVSS5.8AI score0.00163EPSS
CVE
CVE
added 2023/10/12 11:2 p.m.64 views

CVE-2023-44185

CVE-2023-44185 affects Juniper Junos OS and Junos OS Evolved. It is an Improper Input Validation in the routing protocol daemon (rpd) that allows an attacker to cause a Denial of Service by processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt yields a sustained DoS on the ...

7.5CVSS7.4AI score0.00515EPSS
CVE
CVE
added 2024/07/11 3:56 p.m.64 views

CVE-2024-39520

CVE-2024-39520: An Improper Neutralization of Special Elements vulnerability in Junos OS Evolved CLI parameter handling allows a locally authenticated, low-privilege attacker to escalate to root. Affected versions include all before 20.4R3-S6-EVO; 21.2-EVO before 21.2R3-S4-EVO; 21.4-EVO before 21...

8.5CVSS7.9AI score0.0025EPSS
CVE
CVE
added 2025/04/09 8:0 p.m.64 views

CVE-2025-30654

CVE-2025-30654 affects Junos OS and Junos OS Evolved. A local, low-privileged attacker with CLI access can exploit the UI via a specific show mgd command to view sensitive information, including password hashes. Affected versions include Junos OS pre-21.4R3-S10, 22.2 before 22.2R3-S5, 22.4 before...

6.8CVSS6.5AI score0.00154EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.63 views

CVE-2022-22224

The CVE-2022-22224 issue affects Juniper Networks Junos OS and Junos OS Evolved, where processing a malformed OSPF TLV can cause the periodic packet management daemon (PPMD) to enter an infinite loop. This unblocks an unauthenticated adjacent attacker to induce a DoS by affecting OSPF neighbor re...

6.5CVSS6.5AI score0.00296EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.63 views

CVE-2022-22250

CVE-2022-22250 affects Juniper Networks Junos OS and Junos OS Evolved PFE. An improper control of a resource through its lifetime allows an unauthenticated adjacent attacker to cause a DoS via memory corruption when EVPN-MPLS MAC learned locally is deleted as remotely learned, potentially causing...

6.5CVSS6.6AI score0.00296EPSS
CVE
CVE
added 2023/10/12 11:6 p.m.63 views

CVE-2023-44201

Summary: CVE-2023-44201 affects Juniper Networks Junos OS and Junos OS Evolved. A local authenticated attacker can exploit an incorrect permission assignment for a critical resource to read configuration changes, potentially exposing password hashes during password changes. Affected products/vers...

5.5CVSS5.4AI score0.00145EPSS
CVE
CVE
added 2024/07/10 11:6 p.m.63 views

CVE-2024-39517

The CVE-2024-39517 issue affects Juniper Networks Junos OS and Junos OS Evolved, specifically the Layer 2 Address Learning Daemon (l2ald). In EVPN/VXLAN deployments, processing a high volume of certain Layer 2 packets can cause the Routing Protocol Daemon (rpd) to consume all CPU resources, leadi...

7.1CVSS6.5AI score0.00246EPSS
CVE
CVE
added 2024/07/10 10:38 p.m.63 views

CVE-2024-39556

Summary of CVE-2024-39556 : A stack-based buffer overflow vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker with CLI access to load a crafted certificate via the set security certificates command, potentially crashing the command management da...

7.1CVSS6.6AI score0.00094EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.62 views

CVE-2023-22397

CVE-2023-22397 affects Juniper Networks Junos OS Evolved on PTX10003. The issue is an Allocation of Resources Without Limits or Throttling in the Packet Forwarding Engine (PFE) memory management, enabling an adjacent attacker to trigger a Time-of-check Time-of-use (TOCTOU) race that causes a memo...

6.1CVSS6.5AI score0.00181EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.62 views

CVE-2023-22407

The CVE-2023-22407 entry describes an Incomplete Cleanup vulnerability in Juniper Networks Junos OS and Junos OS Evolved, affecting the Routing Protocol Daemon (rpd). The issue can allow an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) by triggering an rpd crash when an MP...

6.5CVSS6.4AI score0.00309EPSS
CVE
CVE
added 2023/10/12 11:1 p.m.62 views

CVE-2023-44182

CVE-2023-44182 affects Juniper Networks Junos OS and Junos OS Evolved, via an unchecked return value in multiple user interfaces (CLI, XML API, XML Management Protocol, NETCONF, gNMI, and J-Web) that can cause privilege demotion/elevation based on operator actions. Affected are Junos OS versions ...

8.8CVSS8.3AI score0.00582EPSS
Total number of security vulnerabilities127