Vulnerabilities > Juniper > Junos > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2022-22169 Unspecified vulnerability in Juniper Junos 15.1/18.3
An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS).
network
high complexity
juniper
5.9
2022-01-19 CVE-2022-22172 Unspecified vulnerability in Juniper Junos and Junos OS Evolved
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak.
low complexity
juniper
6.5
2022-01-19 CVE-2022-22176 Improper Input Validation vulnerability in Juniper Junos
An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS).
low complexity
juniper CWE-20
6.5
2022-01-19 CVE-2022-22179 Improper Input Validation vulnerability in Juniper Junos
A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS).
low complexity
juniper CWE-20
6.5
2021-10-19 CVE-2021-31355 Cross-site Scripting vulnerability in Juniper Junos
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2021-10-19 CVE-2021-31370 Unspecified vulnerability in Juniper Junos
An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped.
low complexity
juniper
6.5
2021-10-19 CVE-2021-31373 Cross-site Scripting vulnerability in Juniper Junos
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts.
network
low complexity
juniper CWE-79
5.4
2021-10-19 CVE-2021-31375 Unspecified vulnerability in Juniper Junos
An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed.
network
low complexity
juniper
5.3
2021-10-19 CVE-2021-31386 Unspecified vulnerability in Juniper Junos
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device.
network
high complexity
juniper
5.9
2021-07-15 CVE-2021-0289 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer.
high complexity
juniper CWE-367
5.3