Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2020-03-06 CVE-2020-10188 Classic Buffer Overflow vulnerability in multiple products
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
9.8
2020-02-28 CVE-2015-5361 Inadequate Encryption Strength vulnerability in Juniper Junos
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel.
network
low complexity
juniper CWE-326
6.5
2020-02-28 CVE-2015-3006 Insufficient Entropy vulnerability in Juniper Junos
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates.
network
low complexity
juniper CWE-331
6.5
2020-02-11 CVE-2014-6447 Cross-site Scripting vulnerability in Juniper Junos
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS).
network
low complexity
juniper CWE-79
7.1
2020-01-15 CVE-2014-6448 Improper Privilege Management vulnerability in Juniper Junos
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.
local
low complexity
juniper CWE-269
7.8
2020-01-15 CVE-2020-1611 Unspecified vulnerability in Juniper Junos Space
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.
network
low complexity
juniper
6.5
2020-01-15 CVE-2020-1609 OS Command Injection vulnerability in Juniper Junos
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.
low complexity
juniper CWE-78
8.8
2020-01-15 CVE-2020-1608 Unspecified vulnerability in Juniper Junos
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.
network
low complexity
juniper
7.5
2020-01-15 CVE-2020-1607 Cross-site Scripting vulnerability in Juniper Junos
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user.
network
low complexity
juniper CWE-79
6.1
2020-01-15 CVE-2020-1606 Path Traversal vulnerability in Juniper Junos
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.
network
low complexity
juniper CWE-22
8.1