Vulnerabilities > Juniper > Junos > 18.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-09 | CVE-2019-0056 | Unspecified vulnerability in Juniper Junos This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. | 7.5 |
| 2019-10-09 | CVE-2019-0051 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. | 7.5 |
| 2019-10-09 | CVE-2019-0050 | Unspecified vulnerability in Juniper Junos Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. | 7.5 |
| 2019-10-09 | CVE-2019-0047 | Cross-site Scripting vulnerability in Juniper Junos A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. | 8.8 |
| 2019-07-11 | CVE-2019-0053 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. | 7.8 |
| 2019-07-11 | CVE-2019-0052 | Interpretation Conflict vulnerability in Juniper Junos The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. | 7.5 |
| 2019-04-10 | CVE-2019-0036 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. | 9.8 |
| 2019-04-10 | CVE-2019-0019 | Unspecified vulnerability in Juniper Junos When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. | 7.5 |
| 2018-08-18 | CVE-2018-15504 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. | 7.5 |
| 2016-03-09 | CVE-2016-1286 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | 8.6 |