Vulnerabilities > Juniper > Junos Space > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-15 | CVE-2019-0017 | Unrestricted Upload of File with Dangerous Type vulnerability in Juniper Junos Space The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. | 8.8 |
| 2018-01-10 | CVE-2018-0012 | Unspecified vulnerability in Juniper Junos Space Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. | 7.8 |
| 2017-10-13 | CVE-2017-10624 | Insufficient Verification of Data Authenticity vulnerability in Juniper Junos Space 15.1 Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. | 7.5 |
| 2017-10-13 | CVE-2017-10623 | Improper Authentication vulnerability in Juniper Junos Space Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. | 8.1 |
| 2017-10-13 | CVE-2017-10612 | Cross-site Scripting vulnerability in Juniper Junos Space A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. | 8.0 |
| 2017-05-30 | CVE-2017-2306 | Incorrect Authorization vulnerability in Juniper Junos Space 14.1 On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. | 8.8 |
| 2017-05-30 | CVE-2017-2305 | Incorrect Authorization vulnerability in Juniper Junos Space 14.1 On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation. | 8.8 |
| 2017-03-20 | CVE-2016-4929 | Command Injection vulnerability in Juniper Junos Space Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | 8.8 |
| 2017-03-20 | CVE-2016-4928 | Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos Space Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | 8.8 |
| 2017-03-20 | CVE-2016-4927 | Improper Input Validation vulnerability in Juniper Junos Space Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | 8.1 |