Vulnerabilities > Juniper > Junos > 13.2x52
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-19 | CVE-2021-31368 | Resource Exhaustion vulnerability in Juniper Junos An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. | 7.8 |
2021-10-19 | CVE-2021-31369 | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. | 4.3 |
2021-10-19 | CVE-2021-31371 | Unspecified vulnerability in Juniper Junos Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. | 5.0 |
2021-10-19 | CVE-2021-31372 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. | 9.0 |
2021-07-15 | CVE-2021-0289 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. | 2.9 |
2021-04-22 | CVE-2021-0248 | Use of Hard-coded Credentials vulnerability in Juniper Junos This issue is not applicable to NFX NextGen Software. | 7.5 |
2020-04-08 | CVE-2020-1614 | Use of Hard-coded Credentials vulnerability in Juniper Junos A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. | 9.3 |
2020-02-28 | CVE-2015-3006 | Insufficient Entropy vulnerability in Juniper Junos On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. | 6.8 |
2020-01-15 | CVE-2014-6448 | Improper Privilege Management vulnerability in Juniper Junos Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | 7.2 |
2019-10-09 | CVE-2019-0070 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. | 7.2 |