VYPR
Vendor

Juniper Networks

Juniper Networks, Inc., was an American multinational corporation headquartered in Sunnyvale, California. The company developed and marketed networking products, including routers, switches, network management software, network security products, and software-defined networking technology.

Founded 1996
Products
162
CVEs
1,081
Across products
1,368
Status
Private

Products

162
View all 162 products →

Recent CVEs

1,081
View all 1,081 CVEs →
  • CVE-2015-7755CriKEVDec 19, 2015
    risk 0.84cvss 9.8epss 0.61

    Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before…

  • CVE-2024-2973CriJun 27, 2024
    risk 0.65cvss 10.0epss 0.01

    An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors…

  • CVE-2017-2349CriJul 17, 2017
    risk 0.65cvss 9.9epss 0.02

    A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to…

  • CVE-2017-2343CriJul 17, 2017
    risk 0.65cvss 10.0epss 0.03

    The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services…

  • CVE-2017-2320CriApr 24, 2017
    risk 0.65cvss 10.0epss 0.02

    A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any…

  • CVE-2025-21589CriJan 27, 2026
    risk 0.64cvss 9.8epss 0.01

    An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from…

  • CVE-2018-0042CriJul 11, 2018
    risk 0.64cvss 9.8epss 0.01

    Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.

  • CVE-2018-0041CriJul 11, 2018
    risk 0.64cvss 9.8epss 0.01

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

  • CVE-2018-0040CriJul 11, 2018
    risk 0.64cvss 9.8epss 0.01

    Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

  • CVE-2018-0038CriJul 11, 2018
    risk 0.64cvss 9.8epss 0.01

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.

  • CVE-2018-0037CriJul 11, 2018
    risk 0.64cvss 9.8epss 0.04

    Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a…

  • CVE-2018-0016CriApr 11, 2018
    risk 0.64cvss 9.8epss 0.04

    Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or…

  • CVE-2014-3413CriApr 5, 2018
    risk 0.64cvss 9.8epss 0.02

    The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.

  • CVE-2018-0015CriFeb 22, 2018
    risk 0.64cvss 9.8epss 0.01

    A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If…

  • CVE-2018-0007CriJan 10, 2018
    risk 0.64cvss 9.8epss 0.02

    An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a…

  • CVE-2018-0001CriJan 10, 2018
    risk 0.64cvss 9.8epss 0.06

    A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS:…

  • CVE-2017-10622CriOct 13, 2017
    risk 0.64cvss 9.8epss 0.05

    An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1…

  • CVE-2017-10615CriOct 13, 2017
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS…

  • CVE-2016-1265CriOct 13, 2017
    risk 0.64cvss 9.8epss 0.02

    A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command…

  • CVE-2017-2345CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.04

    On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition.…