Vulnerabilities > Juniper
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-10 | CVE-2019-0008 | Out-of-bounds Write vulnerability in Juniper Junos A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. | 9.8 |
| 2019-01-16 | CVE-2017-3145 | Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. | 7.5 |
| 2019-01-15 | CVE-2019-0030 | Use of Password Hash With Insufficient Computational Effort vulnerability in Juniper Advanced Threat Prevention Firmware 5.0.0/5.0.1/5.0.2 Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. | 7.2 |
| 2019-01-15 | CVE-2019-0029 | Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. | 7.8 |
| 2019-01-15 | CVE-2019-0027 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0026 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0025 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0024 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0023 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0022 | Use of Hard-coded Credentials vulnerability in Juniper Advanced Threat Prevention Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. | 9.8 |