Vulnerabilities > Juniper
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-10 | CVE-2018-0002 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. | 5.9 |
| 2018-01-10 | CVE-2018-0001 | Use After Free vulnerability in Juniper Junos A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. | 9.8 |
| 2017-10-13 | CVE-2017-10624 | Insufficient Verification of Data Authenticity vulnerability in Juniper Junos Space Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. | 7.5 |
| 2017-10-13 | CVE-2017-10623 | Improper Authentication vulnerability in Juniper Junos Space Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. | 8.1 |
| 2017-10-13 | CVE-2017-10622 | Improper Authentication vulnerability in Juniper Junos Space 16.1/17.1 An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. | 9.8 |
| 2017-10-13 | CVE-2017-10621 | Resource Exhaustion vulnerability in Juniper Junos A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. | 5.3 |
| 2017-10-13 | CVE-2017-10620 | Improper Certificate Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. | 7.4 |
| 2017-10-13 | CVE-2017-10619 | Unspecified vulnerability in Juniper Junos 12.3X48/15.1X49 When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node. | 7.5 |
| 2017-10-13 | CVE-2017-10618 | Unspecified vulnerability in Juniper Junos When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. | 5.9 |
| 2017-10-13 | CVE-2017-10615 | Improper Input Validation vulnerability in Juniper Junos 14.1/14.1X53/14.2 A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. | 9.8 |