Lucene search

K
JuniperJunos19.3

189 matches found

CVE
CVE
added 2020/05/04 10:15 a.m.972 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerabi...

9.8CVSS9.7AI score0.05639EPSS
CVE
CVE
added 2022/07/20 3:15 p.m.889 views

CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after t...

6.5CVSS5.8AI score0.00279EPSS
CVE
CVE
added 2022/03/23 1:15 p.m.738 views

CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not...

6.8CVSS7AI score0.00069EPSS
CVE
CVE
added 2020/03/06 3:15 p.m.649 views

CVE-2020-10188

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

10CVSS9.9AI score0.11181EPSS
CVE
CVE
added 2022/10/18 3:15 a.m.114 views

CVE-2022-22249

An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or ...

6.5CVSS6.6AI score0.00105EPSS
CVE
CVE
added 2021/07/15 8:15 p.m.95 views

CVE-2021-0291

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of spe...

6.5CVSS6.2AI score0.00285EPSS
CVE
CVE
added 2021/08/17 11:15 p.m.94 views

CVE-2021-0284

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Se...

7.8CVSS7.5AI score0.00437EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.92 views

CVE-2021-0211

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain lea...

10CVSS9.4AI score0.00389EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.90 views

CVE-2021-0219

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command '...

7.2CVSS6.7AI score0.00037EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.86 views

CVE-2021-0210

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12...

6.8CVSS6.5AI score0.00416EPSS
CVE
CVE
added 2020/10/16 9:15 p.m.85 views

CVE-2020-1684

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusio...

7.5CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.84 views

CVE-2021-0206

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disa...

7.5CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.83 views

CVE-2021-0207

An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redir...

7.5CVSS7.6AI score0.00389EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.83 views

CVE-2021-31382

On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs w...

9CVSS7.8AI score0.00216EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.79 views

CVE-2021-0208

An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condi...

8.8CVSS8.6AI score0.00167EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.79 views

CVE-2021-0215

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administra...

6.5CVSS6.5AI score0.00107EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.78 views

CVE-2021-0222

A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent...

7.4CVSS7.4AI score0.00042EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.77 views

CVE-2021-0223

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local u...

7.8CVSS8.2AI score0.001EPSS
CVE
CVE
added 2021/07/15 8:15 p.m.77 views

CVE-2021-0283

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Se...

7.8CVSS7.7AI score0.00437EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22185

A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and...

7.5CVSS7.6AI score0.00441EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22186

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may ...

7.2CVSS6.6AI score0.0039EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22196

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100%...

6.5CVSS6.5AI score0.00121EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.76 views

CVE-2021-0221

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in...

6.5CVSS6.5AI score0.00081EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.75 views

CVE-2022-22182

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12....

8.8CVSS6.6AI score0.00653EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.74 views

CVE-2022-22156

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The fol...

7.4CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.72 views

CVE-2021-0218

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes ...

7.8CVSS7.8AI score0.00349EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.72 views

CVE-2022-22191

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwa...

6.5CVSS6.4AI score0.002EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.71 views

CVE-2021-0204

A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp i...

7.8CVSS7.2AI score0.00088EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.71 views

CVE-2021-31362

A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition...

6.5CVSS6.4AI score0.00084EPSS
CVE
CVE
added 2022/10/18 3:15 a.m.71 views

CVE-2022-22241

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the abi...

9.8CVSS9AI score0.00396EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.70 views

CVE-2022-22197

An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when pro...

7.5CVSS7.5AI score0.00787EPSS
CVE
CVE
added 2021/07/15 8:15 p.m.69 views

CVE-2021-0277

An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued rec...

8.8CVSS8.8AI score0.00231EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.69 views

CVE-2022-22172

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a...

6.5CVSS6.5AI score0.00081EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.67 views

CVE-2021-31368

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted ...

7.8CVSS7.4AI score0.00513EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.67 views

CVE-2022-22181

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of ...

8CVSS5.7AI score0.00769EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.66 views

CVE-2021-0203

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicas...

8.6CVSS8.6AI score0.00389EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.66 views

CVE-2021-31363

In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system...

6.5CVSS6.4AI score0.00081EPSS
CVE
CVE
added 2021/01/15 6:15 p.m.65 views

CVE-2021-0217

A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerab...

7.4CVSS7.7AI score0.00107EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.65 views

CVE-2021-31350

An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the...

9CVSS8AI score0.00342EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.65 views

CVE-2021-31351

An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing o...

7.5CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.64 views

CVE-2021-31354

An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or ...

8.8CVSS8AI score0.00279EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.64 views

CVE-2022-22168

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to ...

6.5CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.63 views

CVE-2022-22161

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted ...

7.5CVSS7.4AI score0.0098EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.63 views

CVE-2022-22177

A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This...

7.5CVSS6.2AI score0.00241EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.63 views

CVE-2023-22394

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MI...

7.5CVSS7.4AI score0.00164EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.62 views

CVE-2021-31360

An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwrit...

7.1CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.62 views

CVE-2022-22176

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If option-82 is confi...

7.4CVSS6.7AI score0.00078EPSS
CVE
CVE
added 2021/07/15 8:15 p.m.61 views

CVE-2021-0290

Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The i...

6.5CVSS6.4AI score0.00081EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.61 views

CVE-2022-22169

An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though...

5.9CVSS5.7AI score0.00277EPSS
CVE
CVE
added 2022/07/20 3:15 p.m.61 views

CVE-2022-22221

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs...

7.8CVSS7.6AI score0.00349EPSS
Total number of security vulnerabilities189