Vulnerabilities > Juniper > Junos > 19.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-18 | CVE-2022-22245 | Path Traversal vulnerability in Juniper Junos A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. | 4.3 |
2022-10-18 | CVE-2022-22246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Juniper Junos A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. | 8.8 |
2022-10-18 | CVE-2022-22249 | Unspecified vulnerability in Juniper Junos An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). low complexity juniper | 6.5 |
2022-10-18 | CVE-2022-22250 | Unspecified vulnerability in Juniper Junos An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). low complexity juniper | 6.5 |
2022-04-14 | CVE-2022-22181 | Cross-site Scripting vulnerability in Juniper Junos A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. | 3.5 |
2022-04-14 | CVE-2022-22182 | Cross-site Scripting vulnerability in Juniper Junos A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. | 4.3 |
2022-04-14 | CVE-2022-22185 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. | 5.0 |
2022-04-14 | CVE-2022-22186 | Improper Initialization vulnerability in Juniper Junos Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. | 6.4 |
2022-04-14 | CVE-2022-22191 | Resource Exhaustion vulnerability in Juniper Junos A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. | 6.1 |
2022-04-14 | CVE-2022-22197 | Operation on a Resource after Expiration or Release vulnerability in Juniper Junos and Junos OS Evolved An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). | 4.3 |