Vulnerabilities > Juniper > Junos > 18.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-0258 | Race Condition vulnerability in Juniper Junos 17.2/17.3/17.4 A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). | 7.1 |
| 2021-04-22 | CVE-2021-0256 | Improper Privilege Management vulnerability in Juniper Junos 17.3/17.4/18.1 A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. | 2.1 |
| 2021-04-22 | CVE-2021-0255 | Improper Privilege Management vulnerability in Juniper Junos 17.3/17.4/18.1 A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. | 7.2 |
| 2021-04-22 | CVE-2021-0254 | Out-of-bounds Write vulnerability in Juniper Junos A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). | 7.5 |
| 2021-04-22 | CVE-2021-0253 | Command Injection vulnerability in Juniper Junos NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. | 4.6 |
| 2021-04-22 | CVE-2021-0252 | Command Injection vulnerability in Juniper Junos NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. | 4.6 |
| 2021-04-22 | CVE-2021-0251 | NULL Pointer Dereference vulnerability in Juniper Junos 17.3/17.4/18.1 A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. | 5.0 |
| 2021-04-22 | CVE-2021-0250 | Unspecified vulnerability in Juniper Junos In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. | 5.0 |
| 2021-04-22 | CVE-2021-0249 | Classic Buffer Overflow vulnerability in Juniper Junos 15.1X49/17.4 On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. | 10.0 |
| 2021-04-22 | CVE-2021-0248 | Use of Hard-coded Credentials vulnerability in Juniper Junos This issue is not applicable to NFX NextGen Software. | 7.5 |