Lucene search

K

9 matches found

CVE
CVE
added 2018/01/10 10:29 p.m.75 views

CVE-2018-0001

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prio...

9.8CVSS9.8AI score0.05623EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.59 views

CVE-2018-0007

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. ...

10CVSS9.7AI score0.00435EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.54 views

CVE-2018-0004

A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversel...

7.1CVSS6.8AI score0.00288EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.54 views

CVE-2018-0009

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition...

5.9CVSS6AI score0.00252EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.50 views

CVE-2018-0002

On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in a...

8.2CVSS6.9AI score0.0184EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.50 views

CVE-2018-0003

A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Junip...

6.5CVSS6.4AI score0.00224EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.50 views

CVE-2018-0008

An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during norm...

7.2CVSS6.9AI score0.00293EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.48 views

CVE-2018-0006

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number o...

6.5CVSS6AI score0.00374EPSS
CVE
CVE
added 2018/01/10 10:29 p.m.42 views

CVE-2018-0005

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15...

8.8CVSS8.1AI score0.00224EPSS