Vulnerabilities > Juniper > Junos > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-09 CVE-2019-0057 Unspecified vulnerability in Juniper Junos
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system.
local
low complexity
juniper
7.8
2019-10-09 CVE-2019-0056 Unspecified vulnerability in Juniper Junos
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0055 Unspecified vulnerability in Juniper Junos
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0054 Improper Certificate Validation vulnerability in Juniper Junos 15.1X49
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device.
network
high complexity
juniper CWE-295
7.4
2019-10-09 CVE-2019-0051 Improper Handling of Exceptional Conditions vulnerability in Juniper Junos
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon.
network
low complexity
juniper CWE-755
7.5
2019-10-09 CVE-2019-0050 Unspecified vulnerability in Juniper Junos
Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0047 Cross-site Scripting vulnerability in Juniper Junos
A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device.
network
low complexity
juniper CWE-79
8.8
2019-07-11 CVE-2019-0053 Out-of-bounds Write vulnerability in multiple products
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS.
local
low complexity
juniper debian CWE-787
7.8
2019-07-11 CVE-2019-0052 Interpretation Conflict vulnerability in Juniper Junos
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet.
network
low complexity
juniper CWE-436
7.5
2019-07-11 CVE-2019-0049 Unspecified vulnerability in Juniper Junos
On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart.
network
low complexity
juniper
7.5