Vulnerabilities > Juniper > Junos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-17 | CVE-2023-28984 | Use After Free vulnerability in Juniper Junos A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). | 5.3 |
| 2023-04-17 | CVE-2023-1697 | Unspecified vulnerability in Juniper Junos An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). low complexity juniper | 6.5 |
| 2023-04-17 | CVE-2023-28959 | Improper Check or Handling of Exceptional Conditions vulnerability in Juniper Junos An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. | 6.5 |
| 2023-04-17 | CVE-2023-28961 | Unspecified vulnerability in Juniper Junos An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). | 5.3 |
| 2023-04-17 | CVE-2023-28963 | Improper Authentication vulnerability in Juniper Junos An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. | 5.3 |
| 2023-04-17 | CVE-2023-28968 | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Appid Service Sigpack, Jdpi-Decoder Engine and Junos An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. | 5.3 |
| 2023-04-17 | CVE-2023-28970 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). | 6.5 |
| 2023-04-17 | CVE-2023-28972 | Link Following vulnerability in Juniper Junos An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. | 6.8 |
| 2023-04-17 | CVE-2023-28974 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). | 6.5 |
| 2023-04-17 | CVE-2023-28975 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). | 4.6 |