Vulnerabilities > Juniper > Junos > 15.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-09 | CVE-2019-0047 | Cross-site Scripting vulnerability in Juniper Junos A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. | 8.8 |
| 2019-07-11 | CVE-2019-0053 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. | 7.8 |
| 2019-04-10 | CVE-2019-0043 | Unspecified vulnerability in Juniper Junos In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. | 7.5 |
| 2019-04-10 | CVE-2019-0040 | Information Exposure vulnerability in Juniper Junos On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). | 9.1 |
| 2019-04-10 | CVE-2019-0039 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. | 8.1 |
| 2019-04-10 | CVE-2019-0037 | Unspecified vulnerability in Juniper Junos In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. | 7.5 |
| 2019-04-10 | CVE-2019-0036 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. | 9.8 |
| 2019-04-10 | CVE-2019-0035 | Insufficiently Protected Credentials vulnerability in Juniper Junos When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. | 6.8 |
| 2019-01-15 | CVE-2019-0013 | Data Processing Errors vulnerability in Juniper Junos The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. | 7.5 |
| 2019-01-15 | CVE-2019-0012 | Unspecified vulnerability in Juniper Junos A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. | 7.5 |