Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-22181 Cross-site Scripting vulnerability in Juniper Junos
A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web.
network
juniper CWE-79
3.5
2022-04-14 CVE-2022-22182 Cross-site Scripting vulnerability in Juniper Junos
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
network
juniper CWE-79
4.3
2022-04-14 CVE-2022-22183 Improper Access Control vulnerability in Juniper Junos OS Evolved
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition.
network
low complexity
juniper CWE-284
7.8
2022-04-14 CVE-2022-22185 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
A vulnerability in Juniper Networks Junos OS on SRX Series allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a crash of the flowd process, which is responsible for packet forwarding.
network
low complexity
juniper CWE-754
5.0
2022-04-14 CVE-2022-22186 Improper Initialization vulnerability in Juniper Junos
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device may be improperly forwarded to an egress interface instead of being discarded.
network
low complexity
juniper CWE-665
6.4
2022-04-14 CVE-2022-22187 Improper Privilege Management vulnerability in Juniper Identity Management Service
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation.
local
low complexity
juniper CWE-269
7.2
2022-04-14 CVE-2022-22188 Uncontrolled Memory Allocation vulnerability in Juniper Junos 20.2
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS).
network
juniper CWE-789
4.3
2022-04-14 CVE-2022-22189 Unspecified vulnerability in Juniper Contrail Service Orchestration 6.0.0
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication, thereby taking control of the local system they are currently authenticated to.
local
low complexity
juniper
7.2
2022-04-14 CVE-2022-22190 Incorrect Authorization vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information.
network
juniper CWE-863
4.3
2022-04-14 CVE-2022-22191 Resource Exhaustion vulnerability in Juniper Junos
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart.
low complexity
juniper CWE-400
6.1