Vulnerabilities > Juniper > Junos > 14.2r6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-22234 | Unspecified vulnerability in Juniper Junos An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). | 5.5 |
| 2022-10-18 | CVE-2022-22238 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). | 6.5 |
| 2022-10-18 | CVE-2022-22241 | Deserialization of Untrusted Data vulnerability in Juniper Junos An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. | 9.8 |
| 2022-10-18 | CVE-2022-22242 | Cross-site Scripting vulnerability in Juniper Junos A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. | 6.1 |
| 2022-10-18 | CVE-2022-22243 | XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. | 4.3 |
| 2022-10-18 | CVE-2022-22244 | XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. | 5.3 |
| 2022-10-18 | CVE-2022-22245 | Path Traversal vulnerability in Juniper Junos A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. | 4.3 |
| 2022-10-18 | CVE-2022-22246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Juniper Junos A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. | 8.8 |
| 2022-10-18 | CVE-2022-22249 | Unspecified vulnerability in Juniper Junos An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). low complexity juniper | 6.5 |
| 2022-04-14 | CVE-2022-22181 | Cross-site Scripting vulnerability in Juniper Junos A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. | 3.5 |