Lucene search

K
JuniperJunos21.1

163 matches found

CVE
CVE
added 2022/07/20 3:15 p.m.889 views

CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after t...

6.5CVSS5.8AI score0.00279EPSS
CVE
CVE
added 2022/03/23 1:15 p.m.737 views

CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not...

6.8CVSS7AI score0.00069EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.390 views

CVE-2023-36844

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leadin...

5.3CVSS7.1AI score0.94297EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.376 views

CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution envi...

9.8CVSS7.7AI score0.94355EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.294 views

CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able...

5.3CVSS6.1AI score0.94278EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.283 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an atta...

5.3CVSS6.1AI score0.94278EPSS
CVE
CVE
added 2022/10/18 3:15 a.m.114 views

CVE-2022-22249

An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or ...

6.5CVSS6.6AI score0.00105EPSS
CVE
CVE
added 2023/10/12 11:15 p.m.109 views

CVE-2023-36843

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). U...

7.5CVSS7.6AI score0.00086EPSS
CVE
CVE
added 2023/10/12 11:15 p.m.108 views

CVE-2023-36839

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when...

6.5CVSS6.5AI score0.00039EPSS
CVE
CVE
added 2021/08/17 11:15 p.m.94 views

CVE-2021-0284

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Se...

7.8CVSS7.5AI score0.00437EPSS
CVE
CVE
added 2024/07/11 4:15 p.m.91 views

CVE-2024-39530

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supp...

8.7CVSS7.6AI score0.00276EPSS
CVE
CVE
added 2023/09/01 12:15 a.m.90 views

CVE-2023-4481

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established ...

7.5CVSS7.5AI score0.01303EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.85 views

CVE-2022-22198

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platfor...

7.5CVSS7.5AI score0.0052EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.83 views

CVE-2021-31382

On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs w...

9CVSS7.8AI score0.00216EPSS
CVE
CVE
added 2024/04/16 8:15 p.m.82 views

CVE-2024-30378

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The pro...

6.9CVSS7AI score0.00051EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.81 views

CVE-2022-22163

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enable...

7.4CVSS6.6AI score0.00078EPSS
CVE
CVE
added 2023/06/21 5:15 p.m.80 views

CVE-2023-0026

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that mes...

7.5CVSS7.5AI score0.00098EPSS
CVE
CVE
added 2021/07/15 8:15 p.m.77 views

CVE-2021-0283

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Se...

7.8CVSS7.7AI score0.00437EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22185

A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and...

7.5CVSS7.6AI score0.00441EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22186

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may ...

7.2CVSS6.6AI score0.0039EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22196

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100%...

6.5CVSS6.5AI score0.00121EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.77 views

CVE-2024-30391

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device...

6.3CVSS7.2AI score0.0012EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.75 views

CVE-2022-22182

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12....

8.8CVSS6.6AI score0.00653EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.74 views

CVE-2022-22156

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The fol...

7.4CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.74 views

CVE-2022-22178

A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will caus...

7.5CVSS7.5AI score0.00463EPSS
CVE
CVE
added 2023/10/11 9:15 p.m.74 views

CVE-2023-44186

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and ...

7.5CVSS7.4AI score0.00155EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.72 views

CVE-2022-22191

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwa...

6.5CVSS6.4AI score0.002EPSS
CVE
CVE
added 2022/10/18 3:15 a.m.71 views

CVE-2022-22241

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the abi...

9.8CVSS9AI score0.00396EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.70 views

CVE-2022-22193

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustain...

5.5CVSS5.5AI score0.00051EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.69 views

CVE-2022-22172

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a...

6.5CVSS6.5AI score0.00081EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.67 views

CVE-2022-22181

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of ...

8CVSS5.7AI score0.00769EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.65 views

CVE-2021-31351

An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing o...

7.5CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.65 views

CVE-2023-22403

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG top...

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.64 views

CVE-2021-31354

An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or ...

8.8CVSS8AI score0.00279EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.64 views

CVE-2022-22168

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to ...

6.5CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.63 views

CVE-2022-22161

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted ...

7.5CVSS7.4AI score0.0098EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.63 views

CVE-2022-22177

A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This...

7.5CVSS6.2AI score0.00241EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.63 views

CVE-2023-22394

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MI...

7.5CVSS7.4AI score0.00164EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.63 views

CVE-2023-22408

An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process i...

7.5CVSS7.6AI score0.00111EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.62 views

CVE-2021-31360

An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwrit...

7.1CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.62 views

CVE-2022-22171

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue af...

7.5CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.62 views

CVE-2022-22176

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If option-82 is confi...

7.4CVSS6.7AI score0.00078EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.62 views

CVE-2023-22413

An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an I...

7.5CVSS7.6AI score0.00235EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.61 views

CVE-2022-22166

An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP...

6.5CVSS6.5AI score0.00195EPSS
CVE
CVE
added 2022/01/19 1:15 a.m.61 views

CVE-2022-22169

An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though...

5.9CVSS5.7AI score0.00277EPSS
CVE
CVE
added 2022/10/18 3:15 a.m.61 views

CVE-2022-22220

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received...

5.9CVSS5.7AI score0.00227EPSS
CVE
CVE
added 2022/07/20 3:15 p.m.61 views

CVE-2022-22221

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs...

7.8CVSS7.6AI score0.00349EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.61 views

CVE-2023-22417

A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is...

7.5CVSS7.5AI score0.00233EPSS
CVE
CVE
added 2021/07/15 8:15 p.m.60 views

CVE-2021-0289

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attac...

6.5CVSS5.6AI score0.00063EPSS
CVE
CVE
added 2021/10/19 7:15 p.m.60 views

CVE-2021-31361

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP pa...

5.3CVSS5.2AI score0.00458EPSS
Total number of security vulnerabilities163