Vulnerabilities > Juniper > Junos > 14.1x53
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-28 | CVE-2015-3006 | Insufficient Entropy vulnerability in Juniper Junos On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. | 6.8 |
| 2020-02-11 | CVE-2014-6447 | Cross-site Scripting vulnerability in Juniper Junos Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). | 5.8 |
| 2020-01-15 | CVE-2020-1607 | Cross-site Scripting vulnerability in Juniper Junos 12.3/15.1/16.1 Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. | 4.3 |
| 2020-01-15 | CVE-2020-1606 | Path Traversal vulnerability in Juniper Junos A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. | 6.5 |
| 2020-01-15 | CVE-2020-1604 | Unspecified vulnerability in Juniper Junos On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. | 5.0 |
| 2019-10-09 | CVE-2019-0070 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. | 7.2 |
| 2019-10-09 | CVE-2019-0069 | Cleartext Transmission of Sensitive Information vulnerability in Juniper Junos On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. | 2.1 |
| 2019-10-09 | CVE-2019-0062 | Session Fixation vulnerability in Juniper Junos A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. | 6.8 |
| 2019-10-09 | CVE-2019-0057 | Unspecified vulnerability in Juniper Junos An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. | 7.2 |
| 2019-10-09 | CVE-2019-0047 | Cross-site Scripting vulnerability in Juniper Junos A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. | 4.3 |