Vulnerabilities > Juniper > Junos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-06 | CVE-2020-10188 | Classic Buffer Overflow vulnerability in multiple products utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. network low complexity netkit-telnet-project fedoraproject debian arista oracle juniper CWE-120 critical | 9.8 |
| 2020-02-28 | CVE-2015-5361 | Inadequate Encryption Strength vulnerability in Juniper Junos Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. | 6.5 |
| 2020-02-28 | CVE-2015-3006 | Insufficient Entropy vulnerability in Juniper Junos On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. | 6.5 |
| 2020-02-11 | CVE-2014-6447 | Cross-site Scripting vulnerability in Juniper Junos Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). | 7.1 |
| 2020-01-15 | CVE-2014-6448 | Improper Privilege Management vulnerability in Juniper Junos Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | 7.8 |
| 2020-01-15 | CVE-2020-1609 | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. | 8.8 |
| 2020-01-15 | CVE-2020-1608 | Unspecified vulnerability in Juniper Junos Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. | 7.5 |
| 2020-01-15 | CVE-2020-1607 | Cross-site Scripting vulnerability in Juniper Junos Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. | 6.1 |
| 2020-01-15 | CVE-2020-1606 | Path Traversal vulnerability in Juniper Junos A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. | 8.1 |
| 2020-01-15 | CVE-2020-1605 | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. | 8.8 |