Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0021 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information.
local
low complexity
juniper CWE-532
5.5
2019-01-15 CVE-2019-0020 Use of Hard-coded Credentials vulnerability in Juniper Advanced Threat Prevention
Juniper ATP ships with hard-coded credentials in the Web Collector instance, which give an attacker the ability to take full control of any installation of the software.
network
low complexity
juniper CWE-798
critical
9.8
2019-01-15 CVE-2019-0018 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0017 Unrestricted Upload of File with Dangerous Type vulnerability in Juniper Junos Space
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types.
network
low complexity
juniper CWE-434
8.8
2019-01-15 CVE-2019-0016 Unspecified vulnerability in Juniper Junos Space
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user.
network
low complexity
juniper
6.5
2019-01-15 CVE-2019-0015 Insufficient Session Expiration vulnerability in Juniper Junos
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted.
network
low complexity
juniper CWE-613
5.4
2019-01-15 CVE-2019-0014 Data Processing Errors vulnerability in Juniper Junos 17.2X75/17.4/18.2
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down.
network
low complexity
juniper CWE-19
7.5
2019-01-15 CVE-2019-0013 Data Processing Errors vulnerability in Juniper Junos
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received.
network
low complexity
juniper CWE-19
7.5
2019-01-15 CVE-2019-0012 Unspecified vulnerability in Juniper Junos
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart.
network
low complexity
juniper
7.5
2019-01-15 CVE-2019-0011 Unspecified vulnerability in Juniper Junos
The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address.
low complexity
juniper
6.5