Lucene search
+L

231 matches found

CVE
CVE
added 2022/10/18 2:46 a.m.66 views

CVE-2022-22244

CVE-2022-22244 affects Juniper Networks Junos OS in the J-Web component. An unauthenticated attacker can send a crafted POST to reach the XPath channel, potentially chaining to other vulnerabilities and causing a partial loss of confidentiality. Affected Junos OS versions range broadly from befor...

5.3CVSS5.7AI score0.0049EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.66 views

CVE-2023-22407

The CVE-2023-22407 entry describes an Incomplete Cleanup vulnerability in Juniper Networks Junos OS and Junos OS Evolved, affecting the Routing Protocol Daemon (rpd). The issue can allow an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) by triggering an rpd crash when an MP...

6.5CVSS6.4AI score0.00309EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.66 views

CVE-2023-22416

CVE-2023-22416 : A buffer overflow in the SIP ALG flowd component of Juniper Networks Junos OS on MX and SRX Series enables network-based, unauthenticated DoS on receipt of a malformed SIP packet. Affected: Junos OS releases on MX/SRX with SIP ALG enabled (various 20.4, 21.x, 22.x train versions ...

7.5CVSS7.5AI score0.00654EPSS
CVE
CVE
added 2023/10/12 11:1 p.m.66 views

CVE-2023-44182

CVE-2023-44182 affects Juniper Networks Junos OS and Junos OS Evolved, via an unchecked return value in multiple user interfaces (CLI, XML API, XML Management Protocol, NETCONF, gNMI, and J-Web) that can cause privilege demotion/elevation based on operator actions. Affected are Junos OS versions ...

8.8CVSS8.3AI score0.00582EPSS
CVE
CVE
added 2023/10/12 11:2 p.m.66 views

CVE-2023-44185

CVE-2023-44185 affects Juniper Junos OS and Junos OS Evolved. It is an Improper Input Validation in the routing protocol daemon (rpd) that allows an attacker to cause a Denial of Service by processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt yields a sustained DoS on the ...

7.5CVSS7.4AI score0.00515EPSS
CVE
CVE
added 2023/10/12 11:5 p.m.66 views

CVE-2023-44198

CVE-2023-44198 affects Juniper Networks Junos OS SIP ALG on SRX Series and MX Series. The vulnerability stems from an improper check for unusual or exceptional conditions, enabling an unauthenticated, network-based attacker to cause an integrity impact in connected networks. When SIP ALG is enabl...

7.5CVSS6.6AI score0.00354EPSS
CVE
CVE
added 2025/01/09 4:41 p.m.66 views

CVE-2025-21593

Summary (supported by provided documents): CVE-2025-21593 is an improper resource lifecycle control vulnerability in Juniper Junos OS and Junos OS Evolved dengan rpd, exploitable by an unauthenticated network attacker on devices with SRv6 enabled. The attacker can send malformed BGP UPDATE packet...

7.1CVSS6.6AI score0.00231EPSS
CVE
CVE
added 2023/10/12 11:0 p.m.65 views

CVE-2023-44177

CVE-2023-44177 affects Juniper Networks Junos OS and Junos OS Evolved. It is a stack-based buffer overflow in the CLI command processing that allows a low-privileged attacker to cause a Denial of Service by executing targeted CLI commands. Repeated actions can sustain DoS. Affected versions inclu...

5.5CVSS5.8AI score0.00163EPSS
CVE
CVE
added 2024/07/10 11:6 p.m.65 views

CVE-2024-39517

The CVE-2024-39517 issue affects Juniper Networks Junos OS and Junos OS Evolved, specifically the Layer 2 Address Learning Daemon (l2ald). In EVPN/VXLAN deployments, processing a high volume of certain Layer 2 packets can cause the Routing Protocol Daemon (rpd) to consume all CPU resources, leadi...

7.1CVSS6.5AI score0.00246EPSS
CVE
CVE
added 2025/04/09 7:57 p.m.65 views

CVE-2025-30652

CVE-2025-30652 affects Juniper Junos OS and Junos OS Evolved. The vulnerability is an improper handling of exceptional conditions in the routing protocol daemon (rpd) that allows a local, low-privilege attacker to trigger a Denial of Service by executing a specific CLI command when asregex-optimi...

6.8CVSS5.7AI score0.00154EPSS
CVE
CVE
added 2021/10/19 6:16 p.m.64 views

CVE-2021-31365

CVE-2021-31365 describes an Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on the EX2300, EX3400 and EX4300 Series. An adjacent attacker sending a stream of specific Layer 2 frames can cause an Aggregated Ethernet (AE) interface to go down, resulting in a Denial of S...

6.5CVSS6.3AI score0.00385EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.64 views

CVE-2023-22415

CVE-2023-22415 is an out-of-bounds write in the H.323 ALG of Junos OS that causes the flowd daemon to crash and can lead to a DoS when specific H.323 packets are received concurrently on MX and SRX Series devices. Affected versions include Junos OS on MX/SRX prior to: 19.4R3-S10; 20.2R3-S6; 20.3R...

7.5CVSS7.5AI score0.00781EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.64 views

CVE-2023-28959

The CVE-2023-28959 entry affects Juniper Networks Junos OS on QFX10002. The issue is an improper check/handling of exceptional conditions in packet processing, triggered by a specially malformed packet sent by an unauthenticated, adjacent attacker on the local broadcast domain. Exploitation wedge...

6.5CVSS6.4AI score0.00303EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.64 views

CVE-2023-28961

CVE-2023-28961 affects Juniper Networks Junos OS on ACX Series devices. The vulnerability arises in IPv6 firewall filter processing where a filter term using from next-header ah cannot be installed in the packet forwarding engine (PFE) due to an unsupported IP-protocol (51) match, potentially all...

5.8CVSS5.4AI score0.00417EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.64 views

CVE-2023-28979

CVE-2023-28979 affects Juniper Networks Junos OS kernels across multiple branches, enabling an adjacent attacker to bypass an integrity check in 6PE scenarios when an additional integrity check is configured. The issue causes specific malformed IPv6 packets to fail the integrity check and be forw...

4.7CVSS4.8AI score0.00273EPSS
CVE
CVE
added 2023/10/12 11:6 p.m.64 views

CVE-2023-44201

Summary: CVE-2023-44201 affects Juniper Networks Junos OS and Junos OS Evolved. A local authenticated attacker can exploit an incorrect permission assignment for a critical resource to read configuration changes, potentially exposing password hashes during password changes. Affected products/vers...

5.5CVSS5.4AI score0.00145EPSS
CVE
CVE
added 2024/10/09 8:1 p.m.64 views

CVE-2024-39525

CVE-2024-39525 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an improper handling of exceptional conditions in the routing protocol daemon (rpd) that can be triggered by an unauthenticated network-based attacker sending a crafted BGP packet, causing rpd to crash and restart...

8.7CVSS7.6AI score0.00434EPSS
CVE
CVE
added 2024/07/11 4:6 p.m.64 views

CVE-2024-39532

Summary: CVE-2024-39532 affects Juniper Networks Junos OS and Junos OS Evolved. Local, authenticated attackers with high privileges can access sensitive information stored in a log file when a specific operation is performed, due to insertion of sensitive information into the log. Affected versio...

6.3CVSS6AI score0.00155EPSS
CVE
CVE
added 2024/10/11 3:28 p.m.64 views

CVE-2024-47497

CVE-2024-47497 affects Juniper Junos OS on SRX, QFX, MX and EX Series. The vulnerability is an Uncontrolled Resource Consumption in the httpd process when handling certain HTTPS requests, causing unauthenticated, network-based DoS via resource exhaustion and device restart. Affected versions incl...

8.7CVSS7.6AI score0.00575EPSS
CVE
CVE
added 2024/10/11 3:32 p.m.64 views

CVE-2024-47503

CVE-2024-47503 affects Juniper Junos OS on SRX4600/SRX5000 series. An unauthenticated, logically adjacent attacker can trigger a DoS by sending a sequence of specific PIM packets, causing flowd to crash and restart in multicast scenarios. Affected versions are those listed as 'before' certain rel...

7.1CVSS6.5AI score0.00321EPSS
CVE
CVE
added 2025/04/09 7:53 p.m.64 views

CVE-2025-30646

CVE-2025-30646 affects Junos OS and Junos OS Evolved. A Signed to Unsigned Conversion Error in the Layer 2 Control Protocol daemon (l2cpd) allows an unauthenticated adjacent attacker to cause the l2cpd process to crash and restart by sending a specially formed LLDP TLV, yielding a Denial of Servi...

7.1CVSS7AI score0.00235EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.63 views

CVE-2004-0468

CVE-2004-0468 describes a memory leak in Juniper’s JUNOS Packet Forwarding Engine (PFE) that can be exploited remotely by IPv6 packets to cause memory exhaustion and router reboot (DoS). OpenVAS notes a DoS vulnerability in Juniper Junos OS DoS vulnerability (CVE-2004-0468) tied to memory leakage...

5CVSS6.6AI score0.03193EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.63 views

CVE-2022-22223

CVE-2022-22223 affects Juniper Networks Junos OS on QFX10000 Series devices configured as transit IP/MPLS PHP nodes with LAG interfaces. An improper validation of an input index/position/offset allows crafted IP packets (IPv4 or IPv6) to detach multiple interfaces in a LAG, causing a DoS; sustain...

7.5CVSS7.2AI score0.00766EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.63 views

CVE-2023-28970

Technical details about CVE-2023-28970 are not publicly available in the provided connected documents. Monitor for updates; no new information on affected versions, root cause specifics, exploitation status, or remediation is present here.

6.5CVSS6.3AI score0.00303EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.63 views

CVE-2023-28976

This CVE involves an Improper Check for Unusual or Exceptional Conditions in the PFE of Juniper Networks Junos OS on MX Series. A network-based attacker can trigger a DoS by sending traffic that exceeds the DDoS threshold, causing the ingress PFE to crash and restart and potentially sustaining a ...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2023/10/12 11:4 p.m.63 views

CVE-2023-44194

CVE-2023-44194 affects Juniper Networks Junos OS. The vulnerability is due to incorrect default permissions in a system directory, allowing an unauthenticated, locally-present attacker to create a backdoor with root privileges. Affected versions include all before 20.4R3-S5, 21.1 before 21.1R3-S4...

8.4CVSS7.8AI score0.00168EPSS
CVE
CVE
added 2023/10/12 11:5 p.m.63 views

CVE-2023-44197

CVE-2023-44197 describes an Out-of-Bounds Write in Juniper’s Routing Protocol Daemon (rpd) that allows an unauthenticated, network-based attacker to cause a DoS by crashing the rpd while processing BGP route updates. Affected products are Junos OS and Junos OS Evolved. Supported versions include:...

7.5CVSS7.4AI score0.00515EPSS
CVE
CVE
added 2025/01/09 4:41 p.m.63 views

CVE-2025-21596

CVE-2025-21596 concerns Junos OS on SRX1500, SRX4100 and SRX4200. The issue stems from improper handling of exceptional conditions in the CLI when executing the local, low-privilege attacker’s command “show chassis environment pem,” which crashes the chassis daemon (chassisd) and restarts it, cre...

6.8CVSS5.7AI score0.00154EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.62 views

CVE-2022-22238

The vulnerability CVE-2022-22238 affects Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, adjacent attacker can trigger a Denial of Service by sending a malformed RESV message for a protected LSP, causing an incorrect internal state and an rpd core. Affected are Junos OS and Ju...

6.5CVSS5.8AI score0.00282EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.62 views

CVE-2023-1697

The CVE-2023-1697 issue is an Improper Handling of Missing Values in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS . It causes a crash of the dcpfe process and a sustained Denial of Service (DoS) when a specific malformed ethernet frame is received. Affected products/versions in...

6.5CVSS6.5AI score0.00316EPSS
CVE
CVE
added 2024/01/12 12:48 a.m.62 views

CVE-2023-36842

Junos OS vulnerability CVE-2023-36842 affects the DHCP daemon (jdhcpd). An improper check for unusual conditions allows an adjacent, unauthenticated attacker sending a specific DHCP packet to a non-configured interface (on devices with forward-snooped-client) to trigger an infinite loop, causing ...

6.5CVSS6.5AI score0.00293EPSS
CVE
CVE
added 2020/04/08 7:25 p.m.61 views

CVE-2020-1614

CVE-2020-1614 : A hard-coded credentials vulnerability affects the Juniper Networks NFX250 Series vSRX VNF. It targets the vSRX VNF instance on versions prior to 19.2R1 and occurs when the root password has not been configured, allowing an attacker with access to an administrative service (e.g., ...

10CVSS9.8AI score0.01358EPSS
CVE
CVE
added 2023/10/12 11:1 p.m.61 views

CVE-2023-44181

The vulnerability CVE-2023-44181 affects Juniper Networks Junos OS on QFX5k devices, caused by an improperly implemented security check in storm control. When storm control is enabled and ICMPv6 traffic is present, packets can be punted to the ARP queue, creating an L2 loop that can lead to DoS c...

7.5CVSS7.5AI score0.00531EPSS
CVE
CVE
added 2025/01/09 4:39 p.m.61 views

CVE-2025-21592

The CVE-2025-21592 entry describes an information-disclosure vulnerability in Juniper Networks Junos OS for SRX Series. A local, low-privilege user with CLI access can view contents of sensitive files by executing either show services advanced-anti-malware or show services security-intelligence, ...

6.8CVSS5.4AI score0.00168EPSS
CVE
CVE
added 2026/07/09 9:2 p.m.61 views

CVE-2026-33799

CVE-2026-33799 describes an Out-of-bounds Write in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved. An authenticated remote attacker can send specific valid SNMPv3 queries to trigger a memory leak, causing snmpd memory exhaustion over time, a resulting process crash, and...

5.3CVSS6AI score0.00368EPSS
CVE
CVE
added 2021/04/22 7:37 p.m.60 views

CVE-2021-0248

CVE-2021-0248 affects Juniper Networks Junos OS on NFX Series devices where a hard-coded credential flaw allows an attacker to take over any instance of an NFX deployment . The vulnerability is exploitable only via administrative interfaces . Affected scope is Junos OS versions prior to 19.1R1 on...

10CVSS9.4AI score0.0103EPSS
CVE
CVE
added 2022/10/18 2:46 a.m.60 views

CVE-2022-22208

CVE-2022-22208 describes a Use After Free in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (rdp) triggered by BGP session flaps. The race condition causes rpd crashes, leading to a network-based Denial of Service, with impact depending on the affected release. Affected ra...

5.9CVSS5.8AI score0.00427EPSS
CVE
CVE
added 2023/10/12 11:2 p.m.60 views

CVE-2023-44184

The CVE-2023-44184 issue affects Juniper Networks Junos OS and Junos OS Evolved in the mgd (management daemon) component. A memory-buffer bound check violation allows a network-based, authenticated, low-privileged attacker to execute a specific NETCONF command that can cause CPU denial of service...

6.5CVSS6.5AI score0.00502EPSS
CVE
CVE
added 2024/07/10 10:55 p.m.60 views

CVE-2024-39565

CVE-2024-39565 : J-Web XPath Injection in Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. Affected Junos OS versions include all before 21.2R3-S8; 21.4 before 21.4R3-S7; 22.2 before 22.2R3-S4; 22.3 before 22.3R3-S3; 22.4 before 22.4R3-S2...

8.8CVSS9AI score0.00517EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.59 views

CVE-2023-28962

The CVE-2023-28962 issue is a Junos OS J-Web vulnerability (upload-file.php) caused by improper authentication, enabling an unauthenticated, network-based attacker to upload arbitrary files to temporary folders. Affected products/versions include Juniper Networks Junos OS prior to 19.4R3-S11; 20....

9.8CVSS7.5AI score0.00559EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.59 views

CVE-2023-28974

CVE-2023-28974 affects Juniper Networks Junos OS on MX Series. The vulnerability is in the bbe-smgd process and stems from an improper check for unusual or exceptional conditions, allowing an unauthenticated adjacent attacker to crash bbe-smgd by sending a specifically malformed ICMP packet. Impa...

7.4CVSS6.6AI score0.00303EPSS
CVE
CVE
added 2023/10/12 11:4 p.m.59 views

CVE-2023-44193

CVE-2023-44193 affects Juniper Networks Junos OS on MX Series hardware. The issue is an improper release of memory before removing the last reference in the Packet Forwarding Engine (PFE) that, when CFM is enabled in a VPLS scenario and a specific LDP-related command is executed, can cause an FPC...

5.5CVSS5.5AI score0.00165EPSS
CVE
CVE
added 2024/07/11 4:15 p.m.59 views

CVE-2024-39539

CVE-2024-39539 affects Junos OS on MX Series (pre-21.2R3-S6, pre-21.4R3-S6, pre-22.1R3-S5, pre-22.2R3-S3, pre-22.3R3-S2, pre-22.4R3, pre-23.2R2). It is a Missing Release of Memory after Effective Lifetime vulnerability causing memory leaks when subscribers log in repeatedly, ultimately triggering...

6CVSS5.3AI score0.00217EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.58 views

CVE-2023-22409

This CVE concerns Juniper Networks Junos OS NAT functionality where an unchecked input for a loop condition in the NAT library can crash SPC3 on SRX/MX devices, causing a DoS when an inconsistent deterministic NAT configuration is used and a specific CLI command is executed. The issue is triggere...

5.5CVSS5.6AI score0.00174EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.58 views

CVE-2023-28964

CVE-2023-28964 affects Juniper Networks Junos OS and Junos OS Evolved. The vulnerability arises from an improper handling of a length parameter in the routing protocol daemon (RPD) that processes BGP flowspec updates. A network-based, unauthenticated attacker can send malformed BGP flowspec data ...

7.5CVSS7.5AI score0.00644EPSS
CVE
CVE
added 2023/04/17 12:0 a.m.58 views

CVE-2023-28975

CVE-2023-28975 affects Juniper Networks Junos OS: an Un Unexpected Status Code or Return Value vulnerability in the kernel can cause a DoS when certain USB devices are plugged into the routing-engine (RE). An unauthenticated attacker with physical access can crash the kernel, forcing reboots and ...

4.6CVSS4.7AI score0.00288EPSS
CVE
CVE
added 2024/07/11 4:8 p.m.58 views

CVE-2024-39533

CVE-2024-39533 affects Junos OS on QFX5000 Series and EX4600 Series where an Unimplemented or Unsupported Feature in the UI allows an unauthenticated, network-based attacker to cause a minor integrity impact on downstream networks when certain match conditions (ip-source-address, ip-destination-a...

6.9CVSS5.7AI score0.00296EPSS
CVE
CVE
added 2024/10/11 3:28 p.m.58 views

CVE-2024-47496

CVE-2024-47496 affects Juniper Networks Junos OS on MX Series devices with MPC1–MPC9 line cards. A NULL pointer dereference in the Packet Forwarding Engine (pfe) can crash pfe when a specific command is run, causing traffic forwarding interruption and a sustained DoS until self-recovery. Affected...

6.8CVSS5.6AI score0.00201EPSS
CVE
CVE
added 2024/10/11 3:37 p.m.58 views

CVE-2024-47506

CVE-2024-47506 describes a deadlock in Juniper Networks Junos OS on SRX Series. When ATP Cloud inspection processes large traffic, the packet forwarding engine (PFE) can enter a deadlock, causing a PFE crash and restart and enabling a network-based attacker to trigger a DoS. Affected versions are...

8.2CVSS5.7AI score0.00276EPSS
CVE
CVE
added 2023/07/14 4:26 p.m.57 views

CVE-2023-36838

CVE-2023-36838 affects Juniper Networks Junos OS on SRX Series, with an out-of-bounds read in the flow processing daemon (flowd) that a local, authenticated, low-privilege attacker can exploit by issuing a specific CLI command to crash flowd and cause a DoS. The vulnerability can produce a core d...

5.5CVSS5.5AI score0.00184EPSS
Total number of security vulnerabilities231