Junos

by Juniper Networks

CVEs (766)

  • CVE-2019-0064 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    On SRX5000 Series devices, if 'set security zones security-zone tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream…

  • CVE-2019-0063 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without…

  • CVE-2019-0062 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3…

  • CVE-2019-0061 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.00

    The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the…

  • CVE-2019-0060 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition.…

  • CVE-2019-0059 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper…

  • CVE-2019-0058 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allows an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain…

  • CVE-2019-0057 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.00

    An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions…

  • CVE-2019-0056 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to…

  • CVE-2019-0055 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core…

  • CVE-2019-0054 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the…

  • CVE-2019-0051 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur,…

  • CVE-2019-0050 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.01

    Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this…

  • CVE-2019-0047 (Oct 9, 2019)
    risk 0.00 | cvss | epss 0.02

    A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions…

  • CVE-2019-0053 (Jul 11, 2019)
    risk 0.00 | cvss | epss 0.01

    Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables…

  • CVE-2019-0052 (Jul 11, 2019)
    risk 0.00 | cvss | epss 0.02

    The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support…

  • CVE-2019-0049 (Jul 11, 2019)
    risk 0.00 | cvss | epss 0.02

    On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process…

  • CVE-2019-0048 (Jul 11, 2019)
    risk 0.00 | cvss | epss 0.01

    On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug,…

  • CVE-2019-0046 (Jul 11, 2019)
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the…

  • CVE-2019-0044 (Apr 10, 2019)
    risk 0.00 | cvss | epss 0.02

    Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of…
