Vulnerabilities > Juniper > Junos > 18.3

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0037 Unspecified vulnerability in Juniper Junos
In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client.
network
low complexity
juniper
7.5
7.5
2019-04-10 CVE-2019-0036 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g.
network
low complexity
juniper CWE-754
critical
 9.8
9.8
2019-04-10 CVE-2019-0035 Insufficiently Protected Credentials vulnerability in Juniper Junos
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected.
low complexity
juniper CWE-522
6.8
6.8
2019-04-10 CVE-2019-0019 Unspecified vulnerability in Juniper Junos
When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart.
network
low complexity
juniper
7.5
7.5
2019-04-10 CVE-2019-0008 Out-of-bounds Write vulnerability in Juniper Junos
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices.
network
low complexity
juniper CWE-787
critical
 9.8
9.8
2018-08-18 CVE-2018-15504 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
7.5
2016-03-09 CVE-2016-1286 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. 8.6
8.6
2016-03-09 CVE-2016-1285 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 6.8
6.8