Vulnerabilities > Juniper > Junos > 21.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2022-22180 | Unspecified vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). | 7.5 |
| 2021-10-19 | CVE-2021-31354 | Out-of-bounds Read vulnerability in Juniper Junos and Junos OS Evolved An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). | 8.8 |
| 2021-10-19 | CVE-2021-31355 | Cross-site Scripting vulnerability in Juniper Junos A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2021-10-19 | CVE-2021-31370 | Unspecified vulnerability in Juniper Junos An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. low complexity juniper | 6.5 |
| 2021-10-19 | CVE-2021-31378 | Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a "Terminating" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. | 7.5 |
| 2021-10-19 | CVE-2021-31382 | Race Condition vulnerability in Juniper Junos On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. | 9.0 |
| 2021-10-19 | CVE-2021-31384 | Missing Authorization vulnerability in Juniper Junos 20.4/21.1 Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. | 10.0 |
| 2021-10-19 | CVE-2021-31386 | Unspecified vulnerability in Juniper Junos A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. | 5.9 |
| 2021-07-15 | CVE-2021-0278 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. | 7.8 |
| 2021-07-15 | CVE-2021-0289 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. | 5.3 |