Vulnerabilities > Juniper > Junos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-10 | CVE-2018-0002 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. | 5.9 |
| 2017-10-13 | CVE-2017-10621 | Resource Exhaustion vulnerability in Juniper Junos A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. | 5.3 |
| 2017-10-13 | CVE-2017-10618 | Unspecified vulnerability in Juniper Junos When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. | 5.9 |
| 2017-10-13 | CVE-2017-10613 | Resource Exhaustion vulnerability in Juniper Junos A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. | 5.5 |
| 2017-10-13 | CVE-2017-10611 | Unspecified vulnerability in Juniper Junos If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. | 5.9 |
| 2017-10-13 | CVE-2017-10610 | Improper Input Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. | 5.9 |
| 2017-10-13 | CVE-2016-4924 | Permission Issues vulnerability in Juniper Junos 14.1/15.1 An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. | 5.5 |
| 2017-10-13 | CVE-2016-4923 | Cross-site Scripting vulnerability in Juniper Junos Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. | 6.1 |
| 2017-07-17 | CVE-2017-2346 | Unspecified vulnerability in Juniper Junos An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). | 5.9 |
| 2017-07-17 | CVE-2017-10604 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. | 5.3 |