Vulnerabilities > Juniper > Junos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-22240 | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). | 5.5 |
| 2022-10-18 | CVE-2022-22242 | Cross-site Scripting vulnerability in Juniper Junos A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. | 6.1 |
| 2022-10-18 | CVE-2022-22243 | XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. | 4.3 |
| 2022-10-18 | CVE-2022-22244 | XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. | 5.3 |
| 2022-10-18 | CVE-2022-22245 | Path Traversal vulnerability in Juniper Junos A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. | 4.3 |
| 2022-10-18 | CVE-2022-22249 | Unspecified vulnerability in Juniper Junos An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). low complexity juniper | 6.5 |
| 2022-10-18 | CVE-2022-22250 | Unspecified vulnerability in Juniper Junos An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). low complexity juniper | 6.5 |
| 2022-07-20 | CVE-2022-22202 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to restart. | 6.5 |
| 2022-07-20 | CVE-2022-22203 | Incorrect Comparison vulnerability in Juniper Junos 19.4 An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). | 6.5 |
| 2022-07-20 | CVE-2022-22204 | Memory Leak vulnerability in Juniper Junos An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated network-based attacker to cause a partial Denial of Service (DoS). | 5.3 |