Vulnerabilities > Juniper
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-2341 | Improper Authentication vulnerability in Juniper Junos An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. | 8.8 |
| 2017-07-17 | CVE-2017-2339 | Cross-site Scripting vulnerability in Juniper Screenos 6.3.0 A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. | 5.4 |
| 2017-07-17 | CVE-2017-2338 | Cross-site Scripting vulnerability in Juniper Screenos 6.3.0 A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. | 5.4 |
| 2017-07-17 | CVE-2017-2337 | Cross-site Scripting vulnerability in Juniper Screenos 6.3.0 A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. | 5.4 |
| 2017-07-17 | CVE-2017-2336 | Cross-site Scripting vulnerability in Juniper Screenos 6.3.0 A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. | 5.4 |
| 2017-07-17 | CVE-2017-2335 | Cross-site Scripting vulnerability in Juniper Screenos 6.3.0 A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. | 5.4 |
| 2017-07-17 | CVE-2017-2314 | Improper Input Validation vulnerability in Juniper Junos Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. | 7.5 |
| 2017-07-17 | CVE-2017-10605 | Improper Input Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). | 7.5 |
| 2017-07-17 | CVE-2017-10604 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. | 5.3 |
| 2017-07-17 | CVE-2017-10603 | XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos 15.1/15.1X53 An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. | 7.8 |