Vulnerabilities > Juniper > Junos > 17.1

DATE CVE VULNERABILITY TITLE RISK
2018-10-10 CVE-2018-0054 Resource Exhaustion vulnerability in Juniper Junos
On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps.
low complexity
juniper CWE-400
3.3
2018-10-10 CVE-2018-0052 Improper Authentication vulnerability in Juniper Junos
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device.
network
juniper CWE-287
critical
9.3
2018-10-10 CVE-2018-0051 Improper Input Validation vulnerability in Juniper Junos
A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process.
network
juniper CWE-20
4.3
2018-10-10 CVE-2018-0049 NULL Pointer Dereference vulnerability in Juniper Junos
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash.
network
juniper CWE-476
7.1
2018-10-10 CVE-2018-0045 Improper Input Validation vulnerability in Juniper Junos
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution.
low complexity
juniper CWE-20
5.8
2018-10-10 CVE-2018-0043 Improper Input Validation vulnerability in Juniper Junos
Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution.
low complexity
juniper CWE-20
5.8
2018-08-18 CVE-2018-15505 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
2018-08-18 CVE-2018-15504 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
2018-07-11 CVE-2018-0034 Improper Input Validation vulnerability in Juniper Junos
A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system.
network
juniper CWE-20
4.3
2018-07-11 CVE-2018-0031 Resource Exhaustion vulnerability in Juniper Junos
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter.
network
juniper CWE-400
4.3