Vulnerabilities > Juniper > Junos > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0002 Unspecified vulnerability in Juniper Junos 15.1X53/18.1/18.2
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect.
network
low complexity
juniper
critical
9.8
2019-01-15 CVE-2019-0006 Use of Uninitialized Resource vulnerability in Juniper Junos 14.1X53/15.1/15.1X53
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration.
network
low complexity
juniper CWE-908
critical
9.8
2019-01-15 CVE-2019-0007 Use of Insufficiently Random Values vulnerability in Juniper Junos 15.1
The vMX Series software uses a predictable IP ID Sequence Number.
network
low complexity
juniper CWE-330
critical
10.0
2018-10-10 CVE-2018-0057 Unspecified vulnerability in Juniper Junos
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile.
network
low complexity
juniper
critical
9.6
2018-07-11 CVE-2018-0035 Unspecified vulnerability in Juniper Junos 15.1X53
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition.
network
low complexity
juniper
critical
9.8
2018-07-11 CVE-2018-0037 Improper Input Validation vulnerability in Juniper Junos 15.1
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages.
network
low complexity
juniper CWE-20
critical
9.8
2018-01-10 CVE-2018-0001 Use After Free vulnerability in Juniper Junos
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process.
network
low complexity
juniper CWE-416
critical
9.8
2018-01-10 CVE-2018-0007 Command Injection vulnerability in Juniper Junos
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service.
network
low complexity
juniper CWE-77
critical
9.8
2017-10-13 CVE-2017-10615 Improper Input Validation vulnerability in Juniper Junos 14.1/14.1X53/14.2
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM.
network
low complexity
juniper CWE-20
critical
9.8
2017-07-17 CVE-2017-10601 Improper Authentication vulnerability in Juniper Junos
A specific device configuration can result in a commit failure condition.
network
low complexity
juniper CWE-287
critical
9.8