Vulnerabilities > Juniper > Junos > 20.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-15 | CVE-2021-0221 | Infinite Loop vulnerability in Juniper Junos 17.3/17.4/18.1 In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. | 2.9 |
| 2021-01-15 | CVE-2021-0219 | OS Command Injection vulnerability in Juniper Junos A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. | 7.2 |
| 2021-01-15 | CVE-2021-0218 | OS Command Injection vulnerability in Juniper Junos A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. | 7.2 |
| 2021-01-15 | CVE-2021-0217 | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). | 3.3 |
| 2021-01-15 | CVE-2021-0211 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 17.3/17.4/18.1 An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. | 6.4 |
| 2021-01-15 | CVE-2021-0210 | Information Exposure vulnerability in Juniper Junos An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. | 5.0 |
| 2021-01-15 | CVE-2021-0208 | Improper Input Validation vulnerability in Juniper Junos 15.1X49/17.3/17.4 An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. | 3.3 |
| 2021-01-15 | CVE-2021-0205 | Unspecified vulnerability in Juniper Junos 17.3/17.4/18.1 When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. network juniper | 4.3 |
| 2021-01-15 | CVE-2021-0204 | Improper Privilege Management vulnerability in Juniper Junos A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. | 7.2 |
| 2021-01-15 | CVE-2021-0203 | Unspecified vulnerability in Juniper Junos 15.1/16.1 On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. network juniper | 4.3 |