Vulnerabilities > Juniper > Junos > 14.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-13 | CVE-2017-10615 | Improper Input Validation vulnerability in Juniper Junos 14.1/14.1X53/14.2 A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. | 9.8 |
| 2017-10-13 | CVE-2017-10614 | Resource Exhaustion vulnerability in Juniper Junos A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. | 7.5 |
| 2017-10-13 | CVE-2017-10613 | Resource Exhaustion vulnerability in Juniper Junos A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. | 5.5 |
| 2017-10-13 | CVE-2017-10611 | Unspecified vulnerability in Juniper Junos If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. | 5.9 |
| 2017-10-13 | CVE-2016-4924 | Permission Issues vulnerability in Juniper Junos 14.1/15.1 An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. | 5.5 |
| 2017-10-13 | CVE-2016-4923 | Cross-site Scripting vulnerability in Juniper Junos Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. | 6.1 |
| 2017-10-13 | CVE-2016-4922 | Command Injection vulnerability in Juniper Junos Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. | 7.8 |
| 2017-10-13 | CVE-2016-4921 | Resource Management Errors vulnerability in Juniper Junos By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. | 7.5 |
| 2017-10-13 | CVE-2016-1261 | Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | 8.8 |
| 2017-07-17 | CVE-2017-2347 | Improper Input Validation vulnerability in Juniper Junos A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. | 7.5 |