Lucene search

K
JuniperJunos21.4

157 matches found

CVE
CVE
added 2022/03/23 1:15 p.m.738 views

CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not...

6.8CVSS7AI score0.00069EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.390 views

CVE-2023-36844

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leadin...

5.3CVSS7.1AI score0.94297EPSS
CVE
CVE
added 2023/09/27 3:18 p.m.379 views

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an at...

5.3CVSS6.7AI score0.11397EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.376 views

CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution envi...

9.8CVSS7.7AI score0.94355EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.294 views

CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able...

5.3CVSS6.1AI score0.94278EPSS
CVE
CVE
added 2023/08/17 8:15 p.m.283 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an atta...

5.3CVSS6.1AI score0.94278EPSS
CVE
CVE
added 2025/03/12 2:15 p.m.188 views

CVE-2025-21590

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected ...

6.7CVSS4.9AI score0.01009EPSS
CVE
CVE
added 2023/10/12 11:15 p.m.109 views

CVE-2023-36843

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). U...

7.5CVSS7.6AI score0.00086EPSS
CVE
CVE
added 2023/10/12 11:15 p.m.108 views

CVE-2023-36839

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when...

6.5CVSS6.5AI score0.00039EPSS
CVE
CVE
added 2024/01/12 1:15 a.m.98 views

CVE-2024-21591

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an ins...

9.8CVSS9.7AI score0.23476EPSS
CVE
CVE
added 2023/10/12 11:15 p.m.94 views

CVE-2023-44175

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will crea...

7.5CVSS6.8AI score0.00171EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.94 views

CVE-2024-21610

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when spe...

5.3CVSS4.5AI score0.00099EPSS
CVE
CVE
added 2024/07/11 4:15 p.m.91 views

CVE-2024-39530

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supp...

8.7CVSS7.6AI score0.00276EPSS
CVE
CVE
added 2023/09/01 12:15 a.m.90 views

CVE-2023-4481

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established ...

7.5CVSS7.5AI score0.01303EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.90 views

CVE-2024-21598

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP sess...

8.7CVSS6.8AI score0.00112EPSS
CVE
CVE
added 2022/07/20 3:15 p.m.89 views

CVE-2022-22209

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggere...

7.5CVSS7.5AI score0.01364EPSS
CVE
CVE
added 2023/10/13 12:15 a.m.82 views

CVE-2023-44176

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affect...

5.5CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2024/04/16 8:15 p.m.82 views

CVE-2024-30378

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The pro...

6.9CVSS7AI score0.00051EPSS
CVE
CVE
added 2023/06/21 5:15 p.m.80 views

CVE-2023-0026

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that mes...

7.5CVSS7.5AI score0.00098EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.79 views

CVE-2024-21609

A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If s...

7.1CVSS6.9AI score0.00064EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.79 views

CVE-2024-30395

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel e...

8.7CVSS6.8AI score0.00146EPSS
CVE
CVE
added 2022/04/14 4:15 p.m.77 views

CVE-2022-22186

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may ...

7.2CVSS6.6AI score0.0039EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.75 views

CVE-2024-30405

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these s...

8.7CVSS6.8AI score0.0019EPSS
CVE
CVE
added 2023/10/11 9:15 p.m.74 views

CVE-2023-44186

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and ...

7.5CVSS7.4AI score0.00155EPSS
CVE
CVE
added 2022/10/18 3:15 a.m.71 views

CVE-2022-22241

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the abi...

9.8CVSS9AI score0.00396EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.71 views

CVE-2024-21615

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user perfo...

5.1CVSS6.3AI score0.00035EPSS
CVE
CVE
added 2024/04/16 8:15 p.m.69 views

CVE-2024-30380

An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV. The l2cpd process is responsible for laye...

7.1CVSS6.8AI score0.00102EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.69 views

CVE-2024-30410

An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes...

6.9CVSS6.8AI score0.00257EPSS
CVE
CVE
added 2024/04/12 3:15 p.m.68 views

CVE-2024-21618

An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP i...

7.1CVSS6.8AI score0.00124EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.68 views

CVE-2024-30398

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a S...

8.7CVSS6.7AI score0.00197EPSS
CVE
CVE
added 2024/07/11 5:15 p.m.68 views

CVE-2024-39549

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not pro...

8.7CVSS7.5AI score0.0024EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.67 views

CVE-2024-30402

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and...

8.2CVSS6.8AI score0.00174EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.65 views

CVE-2023-22403

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG top...

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.65 views

CVE-2024-30386

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and p...

7.1CVSS6.7AI score0.00078EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.63 views

CVE-2023-22394

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MI...

7.5CVSS7.4AI score0.00164EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.63 views

CVE-2023-22408

An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process i...

7.5CVSS7.6AI score0.00111EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.63 views

CVE-2024-30387

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processe...

7.1CVSS6.7AI score0.00068EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.62 views

CVE-2023-22413

An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an I...

7.5CVSS7.6AI score0.00235EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.62 views

CVE-2024-30397

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a faile...

8.7CVSS7.5AI score0.00255EPSS
CVE
CVE
added 2022/07/20 3:15 p.m.61 views

CVE-2022-22221

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs...

7.8CVSS7.6AI score0.00435EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.61 views

CVE-2023-22417

A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is...

7.5CVSS7.5AI score0.00233EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.61 views

CVE-2024-30382

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial o...

8.7CVSS6.8AI score0.00493EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.60 views

CVE-2023-22412

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these sp...

7.5CVSS7.5AI score0.00145EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.60 views

CVE-2024-30389

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to ...

6.9CVSS6.8AI score0.00162EPSS
CVE
CVE
added 2024/04/12 4:15 p.m.59 views

CVE-2024-30384

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash ...

6.8CVSS6.6AI score0.00048EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.58 views

CVE-2023-22405

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a devi...

6.5CVSS6.5AI score0.00119EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.58 views

CVE-2023-22414

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Se...

6.5CVSS6.5AI score0.00101EPSS
CVE
CVE
added 2022/07/20 3:15 p.m.57 views

CVE-2022-22206

A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search feature of UTM (Unified Threat managem...

7.5CVSS7.5AI score0.00802EPSS
CVE
CVE
added 2023/01/13 12:15 a.m.57 views

CVE-2023-22404

An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when ...

6.5CVSS6.5AI score0.002EPSS
CVE
CVE
added 2023/10/12 11:15 p.m.57 views

CVE-2023-36841

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TC...

7.5CVSS7.6AI score0.00126EPSS
Total number of security vulnerabilities157