VYPR

Junos

by Juniper Networks

CVEs (766)

  • CVE-2017-10614 | Med | Oct 13, 2017
    risk 0.35 | cvss 5.3 | epss 0.02

    A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to…

  • CVE-2017-10604 | Med | Jul 17, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or…

  • CVE-2017-2340 | Med | Apr 24, 2017
    risk 0.35 | cvss 5.3 | epss 0.02

    On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX…

  • CVE-2016-1260 | Med | Jan 15, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic.

  • CVE-2016-1258 | Med | Jan 15, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows…

  • CVE-2016-1256 | Med | Jan 15, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30,…

  • CVE-2016-7103 | Med | Mar 15, 2017
    risk 0.34 | cvss 6.1 | epss 0.23

    Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

  • CVE-2018-0026 | Med | Jul 11, 2018
    risk 0.31 | cvss 4.7 | epss 0.02

    After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0…

  • CVE-2018-0035 | Med | Jul 11, 2018
    risk 0.29 | cvss 4.4 | epss 0.01

    QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install…

  • CVE-2017-10606 | Med | Oct 13, 2017
    risk 0.29 | cvss 4.4 | epss 0.00

    Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt…

  • CVE-2023-36845 | KEV | Aug 17, 2023
    risk 0.23 | cvss | epss 0.94

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to…

  • CVE-2023-36846 | KEV | Aug 17, 2023
    risk 0.20 | cvss | epss 0.94

    A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require…

  • CVE-2023-36844 | KEV | Aug 17, 2023
    risk 0.20 | cvss | epss 0.90

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP…

  • CVE-2023-36847 | KEV | Aug 17, 2023
    risk 0.20 | cvss | epss 0.85

    A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't…

  • CVE-2023-36851 | KEV | Sep 26, 2023
    risk 0.13 | cvss | epss 0.01

    A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't…

  • CVE-2025-21590 | KEV | Mar 12, 2025
    risk 0.12 | cvss | epss 0.02

    An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can…

  • CVE-2020-1631 | KEV | May 4, 2020
    risk 0.12 | cvss | epss 0.05

    A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal.…

  • CVE-2004-0230 | Aug 18, 2004
    risk 0.09 | cvss | epss 0.81

    TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections,…

  • CVE-2022-22242 | Oct 18, 2022
    risk 0.05 | cvss | epss 0.02

    A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper…

  • CVE-2013-6618 | Nov 5, 2013
    risk 0.04 | cvss | epss 0.11

    jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
