Vulnerabilities > Juniper
|2022-04-14||CVE-2022-22181|| Cross-site Scripting vulnerability in Juniper Junos |
A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web.
| 3.5 |
|2022-04-14||CVE-2022-22182|| Cross-site Scripting vulnerability in Juniper Junos |
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.
| 4.3 |
|2022-04-14||CVE-2022-22183|| Improper Access Control vulnerability in Juniper Junos OS Evolved |
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition.
| 7.8 |
|2022-04-14||CVE-2022-22185|| Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos |
A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding.
| 5.0 |
|2022-04-14||CVE-2022-22186|| Improper Initialization vulnerability in Juniper Junos |
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded.
| 6.4 |
|2022-04-14||CVE-2022-22187|| Improper Privilege Management vulnerability in Juniper Identity Management Service |
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation.
| 7.2 |
|2022-04-14||CVE-2022-22188|| Uncontrolled Memory Allocation vulnerability in Juniper Junos 20.2 |
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS).
| 4.3 |
|2022-04-14||CVE-2022-22189|| Unspecified vulnerability in Juniper Contrail Service Orchestration 6.0.0 |
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to.
| 7.2 |
|2022-04-14||CVE-2022-22190|| Incorrect Authorization vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0 |
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information.
| 4.3 |
|2022-04-14||CVE-2022-22191|| Resource Exhaustion vulnerability in Juniper Junos |
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart.
| 6.1 |