Vulnerabilities > Juniper > Junos > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-0230 Memory Leak vulnerability in Juniper Junos
On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak.
network
low complexity
juniper CWE-401
7.5
2021-04-22 CVE-2021-0227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos
An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets.
network
low complexity
juniper CWE-119
7.5
2021-01-15 CVE-2021-0223 Improper Privilege Management vulnerability in Juniper Junos
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root.
local
low complexity
juniper CWE-269
7.8
2021-01-15 CVE-2021-0222 Unspecified vulnerability in Juniper Junos
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device.
low complexity
juniper
7.4
2021-01-15 CVE-2021-0218 OS Command Injection vulnerability in Juniper Junos
A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege.
local
low complexity
juniper CWE-78
7.8
2021-01-15 CVE-2021-0217 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos
A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS).
low complexity
juniper CWE-770
7.4
2021-01-15 CVE-2021-0208 Improper Input Validation vulnerability in Juniper Junos
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition.
low complexity
juniper CWE-20
8.8
2021-01-15 CVE-2021-0207 Interpretation Conflict vulnerability in Juniper Junos
An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN.
network
low complexity
juniper CWE-436
7.5
2021-01-15 CVE-2021-0206 NULL Pointer Dereference vulnerability in Juniper Junos
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS).
network
low complexity
juniper CWE-476
7.5
2021-01-15 CVE-2021-0204 Improper Privilege Management vulnerability in Juniper Junos
A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users.
local
low complexity
juniper CWE-269
7.8