Vulnerabilities > Juniper > Junos > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-1607 Cross-site Scripting vulnerability in Juniper Junos
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user.
network
low complexity
juniper CWE-79
6.1
2020-01-15 CVE-2020-1604 Unspecified vulnerability in Juniper Junos
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.
network
low complexity
juniper
5.3
2020-01-15 CVE-2020-1600 Infinite Loop vulnerability in Juniper Junos
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.
network
low complexity
juniper CWE-835
6.5
2019-10-09 CVE-2019-0074 Path Traversal vulnerability in Juniper Junos
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files.
local
low complexity
juniper CWE-22
5.5
2019-10-09 CVE-2019-0069 Cleartext Transmission of Sensitive Information vulnerability in Juniper Junos
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text.
local
low complexity
juniper CWE-319
5.5
2019-10-09 CVE-2019-0067 Unspecified vulnerability in Juniper Junos 16.1/16.2/17.1
Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore).
low complexity
juniper
6.5
2019-07-11 CVE-2019-0048 Unspecified vulnerability in Juniper Junos
On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority.
network
low complexity
juniper
5.8
2019-07-11 CVE-2019-0046 Resource Exhaustion vulnerability in Juniper Junos
A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device.
low complexity
juniper CWE-400
6.5
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-04-10 CVE-2019-0038 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos
Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion.
low complexity
juniper CWE-770
6.5