Vulnerabilities > Juniper > Junos > 13.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-1614 | Use of Hard-coded Credentials vulnerability in Juniper Junos A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. | 10.0 |
| 2020-02-11 | CVE-2014-6447 | Cross-site Scripting vulnerability in Juniper Junos Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). | 7.1 |
| 2020-01-15 | CVE-2014-6448 | Improper Privilege Management vulnerability in Juniper Junos Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | 7.8 |
| 2019-10-09 | CVE-2019-0070 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. | 8.8 |
| 2019-10-09 | CVE-2019-0057 | Unspecified vulnerability in Juniper Junos An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. | 7.8 |
| 2017-10-13 | CVE-2016-4922 | Command Injection vulnerability in Juniper Junos Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. | 7.8 |
| 2017-07-17 | CVE-2017-10601 | Improper Authentication vulnerability in Juniper Junos A specific device configuration can result in a commit failure condition. | 9.8 |
| 2016-09-09 | CVE-2016-1275 | Resource Management Errors vulnerability in Juniper Junos Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting a flood of Ethernet frames with IPv6 MAC addresses directly into a connected interface. | 6.5 |
| 2016-04-15 | CVE-2016-1271 | Improper Input Validation vulnerability in Juniper Junos Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615. | 7.8 |
| 2016-04-15 | CVE-2016-1270 | Data Processing Errors vulnerability in Juniper Junos The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update. | 7.5 |