Vulnerabilities > Juniper > Junos > 12.1x44
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-1614 | Use of Hard-coded Credentials vulnerability in Juniper Junos A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. | 10.0 |
| 2020-02-28 | CVE-2015-5361 | Inadequate Encryption Strength vulnerability in Juniper Junos Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. | 6.5 |
| 2020-02-11 | CVE-2014-6447 | Cross-site Scripting vulnerability in Juniper Junos Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). | 7.1 |
| 2019-10-09 | CVE-2019-0070 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. | 8.8 |
| 2019-10-09 | CVE-2019-0057 | Unspecified vulnerability in Juniper Junos An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. | 7.8 |
| 2019-04-10 | CVE-2019-0036 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. | 9.8 |
| 2017-10-13 | CVE-2016-4923 | Cross-site Scripting vulnerability in Juniper Junos Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. | 6.1 |
| 2017-10-13 | CVE-2016-1261 | Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | 8.8 |
| 2017-07-17 | CVE-2017-2349 | Command Injection vulnerability in Juniper Junos A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. | 8.8 |
| 2017-05-30 | CVE-2017-2300 | Unspecified vulnerability in Juniper Junos On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. | 7.5 |