Lucene search
K
JuniperJunos Space

78 matches found

CVE
CVE
added 2014/04/15 10:0 p.m.15705 views

CVE-2014-0429

CVE-2014-0429 is an unspecified vulnerability in the Java 2D component affecting Oracle Java SE 5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51. Impact is described as complete confidentiality, integrity, and availability violations via unknown vectors in the 2D comp...

10CVSS6.5AI score0.0751EPSS
CVE
CVE
added 2014/04/16 1:0 a.m.181 views

CVE-2014-0460

CVE-2014-0460 is an IBM-related vulnerability described as flaws in the JNDI DNS service provider that can enable spoofing DNS responses, impacting confidentiality and integrity (partial). Exploitation status is not indicated in the IBM bulletins. Affected IBM product: IBM System Networking Switc...

5.8CVSS6.4AI score0.04315EPSS
CVE
CVE
added 2014/04/16 1:0 a.m.168 views

CVE-2014-0453

CVE-2014-0453 is an IBM/Oracle Java vulnerability affecting IBM Runtime Environment Java Technology Edition (and IBM Java SDK/JRE bundles used in IBM products such as QRadar, Rational, and WebSphere-related tools). The vulnerability is described as an unspecified issue in the Security component w...

4CVSS5.2AI score0.04858EPSS
CVE
CVE
added 2014/04/16 1:0 a.m.166 views

CVE-2014-0457

CVE-2014-0457 is an unspecified vulnerability in Oracle Java SE components (5.0u61, 6u71, 7u51, 8; JRockit R27.8.1 and R28.3.1; Java SE Embedded 7u51) and related to the Libraries component, enabling remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The ...

10CVSS6.5AI score0.0722EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.166 views

CVE-2014-6491

CVE-2014-6491 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via SERVER:SSL:yaSSL, with partial confidentiality/integrity/availability impact. The IBM bulletin confirms linked CVEs and notes Guardium is vulnerable; the Debian advisory recommends upgrading to MySQL 5.5.40, ...

7.5CVSS6.4AI score0.05655EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.165 views

CVE-2014-6500

CVE-2014-6500 is an Oracle MySQL Server vulnerability affecting 5.5.39 and earlier and 5.6.20 and earlier, exploitable remotely via the SERVER:SSL:yaSSL vector with partial confidentiality, integrity, and availability impact. Multiple connected sources confirm this issue alongside CVE-2014-6491 a...

7.5CVSS6.4AI score0.05655EPSS
CVE
CVE
added 2014/04/16 1:0 a.m.163 views

CVE-2014-0456

CVE-2014-0456 is an unspecified remote vulnerability in Oracle Java SE (versions 6u71, 7u51, 8, and Java SE Embedded 7u51) and related Hotspot components. The issue enables confidentiality, integrity, and availability impact via unknown vectors and is documented across multiple advisories (e.g., ...

10CVSS6.3AI score0.06584EPSS
CVE
CVE
added 2015/06/15 3:0 p.m.152 views

CVE-2015-3209

CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...

7.5CVSS6.5AI score0.09668EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.146 views

CVE-2015-2620

MiracleLinux 4 (AXSA:2015-464:01) lists CVE-2015-2620 among fixes for mysql55-mysql-5.5.45-1.0.1.AXS4. The advisory notes that updated packages upgrade MySQL to version 5. The description indicates an unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier affec...

4.3CVSS4.4AI score0.04715EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.145 views

CVE-2015-0501

CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...

5.7CVSS4.8AI score0.09984EPSS
CVE
CVE
added 2014/04/16 2:5 a.m.136 views

CVE-2014-2421

CVE-2014-2421 is an unspecified vulnerability in the 2D component of Oracle Java SE (and related IBM SDK for Java builds) with a base impact of complete confidentiality, integrity, and availability. Connected IBM advisories confirm this CVE appears in multiple IBM products that bundle IBM SDK for...

10CVSS6.5AI score0.06584EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.133 views

CVE-2014-6559

CVE-2014-6559 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. The vulnerability is described as unspecified with respect to C API SSL CERTIFICATE HANDLING and could allow remote attackers to obtain confidential information (partial confidentiality impact). No exploit detai...

4.3CVSS5.6AI score0.04634EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.126 views

CVE-2014-6494

CVE-2014-6494 is an unspecified vulnerability in Oracle MySQL Server (affected: 5.5.39 and earlier; 5.6.20 and earlier) that can allow remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL. The IBM advisory lists the CVE among several issues affecting MySQL Server compon...

4.3CVSS6.4AI score0.04847EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.123 views

CVE-2014-6496

CVE-2014-6496 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via CLIENT:SSL:yaSSL, causing availability issues (remote, unauthenticated). Affects MySQL Server component CLIENT:SSL:yaSSL; root cause is unspecified in the provided text. Public details across connected source...

4.3CVSS6.4AI score0.04349EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.108 views

CVE-2014-6478

CVE-2014-6478 affects Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier. The vulnerability is described as unspecified, enabling remote attackers to compromise integrity via vectors related to SERVER:SSL:yaSSL . The connected sources confirm the same CVE ID in multiple advisories and...

4.3CVSS6.3AI score0.02554EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.106 views

CVE-2014-6495

CVE-2014-6495 is described in the Initial document as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, enabling remote attackers to affect availability via SERVER:SSL:yaSSL. Connected documents reference this CVE within broader MariaDB/MySQL vulnerabi...

4.3CVSS6.3AI score0.03004EPSS
CVE
CVE
added 2020/01/15 8:40 a.m.83 views

CVE-2020-1611

CVE-2020-1611 concerns Juniper Networks Junos Space Local File Inclusion via malicious HTTP packets, enabling an attacker to view arbitrary files on affected devices. The issue affects Junos Space versions prior to 19.4R1 and stems from a path traversal vulnerability in the device’s file access l...

6.5CVSS6.3AI score0.01667EPSS
CVE
CVE
added 2021/01/15 5:36 p.m.71 views

CVE-2021-0220

CVE-2021-0220 (Juniper Junos Space) affects Junos Space versions prior to 20.3R1. The issue is that shared secrets are stored in a recoverable format and can be exposed through the UI. An attacker who can run arbitrary code in the victim’s browser (e.g., via XSS) or access cached contents may obt...

6.8CVSS6.9AI score0.01154EPSS
CVE
CVE
added 2017/10/13 5:0 p.m.69 views

CVE-2017-10612

CVE-2017-10612 is a persistent cross-site scripting vulnerability in Juniper Networks Junos Space. The issue allows an attacker who can modify certain configuration data to inject malicious Javascript/HTML, potentially stealing information or acting as other Junos Space users or administrators. A...

8CVSS7.5AI score0.01289EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.69 views

CVE-2019-0017

The CVE-2019-0017 issue affects Juniper Networks Junos Space: the application allows uploading Device Image files but lacks proper validation, enabling potential uploading of malicious images or scripts. Affected releases are Junos Space before 18.3R1. The description notes an insufficient validi...

8.8CVSS7.2AI score0.01101EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.68 views

CVE-2019-0016

Junos Space is affected: Juniper Networks Junos Space versions prior to 18.3R1 allow a malicious authenticated user to delete a device from the database via crafted Ajax interactions that piggyback on another admin delete action. Root cause is a privilege/permission check bypass in the delete flo...

6.5CVSS6.5AI score0.00926EPSS
CVE
CVE
added 2017/10/13 5:0 p.m.67 views

CVE-2016-1265

Juniper Networks Junos Space is affected by CVE-2016-1265. All versions prior to 15.1R3 are vulnerable to remote, unauthenticated exploitation that may allow arbitrary code execution or access to devices managed by Junos Space via vectors including CSRF, default credentials, information disclosur...

9.8CVSS10AI score0.02295EPSS
CVE
CVE
added 2017/10/13 5:0 p.m.66 views

CVE-2017-10622

Juniper Networks Junos Space Network Management Platform is affected by an authentication bypass vulnerability (CVE-2017-10622). A remote unauthenticated attacker could login as any privileged user. Affected are Junos Space versions 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. The i...

10CVSS9.6AI score0.05391EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.66 views

CVE-2018-0011

CVE-2018-0011 is a reflected XSS vulnerability in Junos Space management interface. The issue allows a remote authenticated user to inject web script or HTML, potentially steal session data/credentials and perform administrative actions on the Junos Space device. Connected sources (e.g., NVD entr...

5.4CVSS5.5AI score0.00829EPSS
CVE
CVE
added 2017/10/13 5:0 p.m.64 views

CVE-2017-10623

CVE-2017-10623 affects Juniper Networks Junos Space: lack of authentication and authorization for cluster messages can enable a man-in-the-middle attacker to intercept, inject, or disrupt cluster operations between two nodes. Affected are Junos Space releases prior to 17.1R1. The provided documen...

8.1CVSS7.5AI score0.00917EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.64 views

CVE-2018-0013

CVE-2018-0013 affects Juniper Networks Junos Space Network Management Platform. The vulnerability is a local file inclusion that may allow an authenticated user to retrieve files from the system. Public data lists CVSS v3.0 base score 6.5 (MEDIUM) with network attack vector, low complexity, and p...

6.5CVSS6.6AI score0.01222EPSS
CVE
CVE
added 2018/10/10 6:0 p.m.64 views

CVE-2018-0046

CVE-2018-0046 is a reflected cross-site scripting vulnerability in OpenNMS included with Juniper Junos Space, affecting Junos Space versions prior to 18.2R1. Connected sources (e.g., the JUNIPER_SPACE_JSA10880 NASL plug-in) explicitly list CVE-2018-0046 among multiple issues, confirming the vulne...

8.8CVSS5.8AI score0.01646EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.62 views

CVE-2017-2307

CVE-2017-2307 affects Juniper Networks Junos Space (admin interface) prior to 16.1R1 and is a reflected cross-site scripting vulnerability. The issue can allow remote attackers to steal sensitive information or perform certain administrative actions, with exploitation requiring user interaction. ...

6.1CVSS6.5AI score0.0085EPSS
CVE
CVE
added 2013/08/16 10:0 a.m.60 views

CVE-2013-5095

CVE-2013-5095 is a documented XSS vulnerability in the web-based interface of Juniper Junos Space prior to 13.1R1.6 (e.g., JA1500 and related deployments). The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available sources confirm the affected ...

4.3CVSS5.9AI score0.01374EPSS
CVE
CVE
added 2013/08/16 10:0 a.m.60 views

CVE-2013-5097

Juniper Junos Space before 13.1R1.6 (JA1500 and other contexts) exposes the list of user accounts and their MD5 password hashes due to improper access restriction, enabling remote authenticated users to obtain sensitive information via a dictionary attack. Affected are Junos Space deployments pri...

4CVSS6AI score0.0134EPSS
CVE
CVE
added 2017/10/13 5:0 p.m.60 views

CVE-2017-10624

CVE-2017-10624 affects Juniper Networks Junos Space prior to version 17.1R1, stemming from insufficient verification of node certificates. This can enable a network-attacker to perform a man-in-the-middle attack, potentially modifying the Space database or adding nodes. Connected documents corrob...

7.5CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.59 views

CVE-2018-0012

CVE-2018-0012 affects Junos Space and describes a privilege-escalation vulnerability that could allow a local authenticated attacker to obtain root privileges. The connected documents confirm Junos Space as the affected product and identify the impact (local escalation to root) and the attack con...

7.8CVSS8AI score0.00337EPSS
CVE
CVE
added 2013/05/08 11:0 p.m.58 views

CVE-2013-3497

CVE-2013-3497 affects Juniper Junos Space prior to 12.3P2.8 (JA1500 and related deployments). The vulnerability exposes cleartext passwords in a configuration tab, enabling reading by physically proximate attackers who view the workstation screen. Exploitation details are not provided in the docu...

4.7CVSS6.8AI score0.00321EPSS
CVE
CVE
added 2018/04/05 5:0 p.m.57 views

CVE-2014-3413

The CVE-2014-3413 vulnerability affects Juniper Networks Junos Space prior to 13.3R1.8, where the MySQL server contains an unspecified hardcoded account password. This allows remote attackers with database access to obtain sensitive information and potentially gain administrative control. Affecte...

10CVSS9AI score0.02208EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.57 views

CVE-2017-2306

CVE-2017-2306 affects Juniper Networks Junos Space: versions prior to 16.1R1 suffer from an insufficient authorization check in the administrative web interface, allowing readonly users to execute code on the device. This is described in the NVD entry for CVE-2017-2306, which notes remote code ex...

8.8CVSS9.1AI score0.01586EPSS
CVE
CVE
added 2018/10/10 6:0 p.m.57 views

CVE-2018-0047

CVE-2018-0047 describes a persistent cross-site scripting (XSS) vulnerability in the UI framework used by Juniper Networks Junos Space Security Director. A remote attacker with authentication can inject persistent scripts that may exfiltrate information or perform actions as another user when oth...

8CVSS5.9AI score0.00862EPSS
CVE
CVE
added 2013/08/16 10:0 a.m.56 views

CVE-2013-5096

CVE-2013-5096 concerns Juniper Junos Space before 13.1R1.6. The issue is a flawed role-based access control implementation that allows remote authenticated users to modify device configurations by abusing the read-only privilege (PR 863804). The affected product is Junos Space (JA1500 appliance a...

4CVSS6.4AI score0.01083EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.56 views

CVE-2017-2305

CVE-2017-2305 concerns Juniper Networks Junos Space prior to 16.1R1, where an insufficient authorization check in the administrative web interface lets readonly users create privileged accounts, enabling privilege escalation. The vulnerability path and impact are described in the NVD entry as a u...

8.8CVSS8.9AI score0.01137EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.54 views

CVE-2017-2311

CVE-2017-2311 affects Juniper Networks Junos Space before version 16.1R1. An unauthenticated remote attacker with network access can trigger a denial-of-service condition on the Junos Space device. The vulnerability is tied to the Junos Space software lineage as described in multiple sources; mit...

5.3CVSS6.1AI score0.01301EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.52 views

CVE-2018-0010

CVE-2018-0010 affects Junos Space Security Director. The vulnerability allows a user without SSH access to a device to reuse a URL created for another user to gain SSH access. Affected releases are all versions prior to 17.2R1. The provided documents do not detail the underlying root cause beyond...

6.5CVSS6.4AI score0.00612EPSS
CVE
CVE
added 2024/10/11 3:21 p.m.52 views

CVE-2024-39563

CVE-2024-39563 affects Juniper Networks Junos Space, specifically version 24.1R1. A vulnerable script in the Junos Space web application accepts attacker-controlled input from a GET request without proper sanitization, enabling an unauthenticated, network-based attacker to execute arbitrary shell...

7.3CVSS7.8AI score0.01289EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.51 views

CVE-2017-2308

The CVE-2017-2308 entry affects Juniper Networks Junos Space, with an XML External Entity (XXE) vulnerability in the web management interface. Affected: Junos Space versions prior to 16.1R1. The underlying issue allows an authenticated user to read arbitrary files on the device. Impact: Partial c...

6.5CVSS7.1AI score0.01209EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.51 views

CVE-2017-2310

CVE-2017-2310 affects Juniper Networks Junos Space; a firewall bypass vulnerability exists in the host-based firewall for versions prior to 16.1R1 that may permit certain crafted packets, posing a network integrity risk. Exploitation status is not detailed in the provided documents. According to ...

5.3CVSS6.2AI score0.01128EPSS
CVE
CVE
added 2017/05/30 2:0 p.m.50 views

CVE-2017-2309

Affected product: Juniper Networks Junos Space (versions prior to 16.1R1). Vulnerability: Information disclosure due to certificate-based authentication enabling access to restricted web services over the network. Impact: Confidentiality impact is high; information leak risk reported. Status/reme...

5.9CVSS6.6AI score0.00792EPSS
CVE
CVE
added 2017/03/20 8:0 p.m.49 views

CVE-2016-4926

CVE-2016-4926 affects Juniper Networks’ Junos Space prior to version 15.2R2 . It is an authentication bypass in the web interface, enabling remote network‑based attackers with access to Junos Space to perform administrative actions without authentication. Public details in the provided documents ...

9.8CVSS9.5AI score0.02454EPSS
CVE
CVE
added 2017/03/20 8:0 p.m.48 views

CVE-2016-4927

CVE-2016-4927 affects Junos Space (pre-15.2R2). The root cause is insufficient validation of SSH keys during Space-to-managed-device communications, enabling MITM-style attacks. Impact is partial confidentiality/integrity/availability according to CVSS, with network access and no authentication r...

8.1CVSS8.3AI score0.01167EPSS
CVE
CVE
added 2014/05/20 2:0 p.m.47 views

CVE-2014-3412

Juniper Junos Space up to version 13.3R1.8 is affected when the firewall is disabled. A remote attacker could execute arbitrary commands, potentially with root privileges, on affected installations. The Nessus entry confirms the condition (firewall disabled) and the affected range (before 13.3R1....

10CVSS7.8AI score0.04656EPSS
CVE
CVE
added 2017/03/20 8:0 p.m.47 views

CVE-2016-4928

The provided connected documents confirm CVE-2016-4928 as a Cross-Site Request Forgery vulnerability in Junos Space prior to version 15.2R2. The root cause is CSRF that allows remote attackers to perform certain administrative actions on Junos Space. Affected software is Junos Space (version

8.8CVSS9AI score0.0066EPSS
CVE
CVE
added 2017/03/20 8:0 p.m.46 views

CVE-2016-4929

The CVE-2016-4929 vulnerability affects Juniper Networks Junos Space prior to version 15.2R2. It enables a command-injection that allows an attacker to execute arbitrary code with root privileges on affected devices. The issue stems from improper handling of input in the Junos Space management in...

9CVSS9.3AI score0.03777EPSS
CVE
CVE
added 2017/03/20 8:0 p.m.46 views

CVE-2016-4931

CVE-2016-4931 affects Juniper Networks Junos Space prior to 15.2R2. The issue is an XML External Entity (XXE) injection in the product, allowing an attacker to trigger a denial of service. Public records consistently describe the vulnerability as an XML entity injection that can cause service dis...

6.5CVSS7AI score0.00919EPSS
Total number of security vulnerabilities78