Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0031 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos 17.4/18.1/18.1R
Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests.
network
low complexity
juniper CWE-770
7.5
2019-04-10 CVE-2019-0028 Unspecified vulnerability in Juniper Junos
On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart.
network
low complexity
juniper
7.5
2019-04-10 CVE-2019-0019 Unspecified vulnerability in Juniper Junos
When BGP tracing is enabled, an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart.
network
low complexity
juniper
7.5
2019-04-10 CVE-2019-0008 Out-of-bounds Write vulnerability in Juniper Junos
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack-based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, and EX4600 devices.
network
low complexity
juniper CWE-787
critical
9.8
2019-01-16 CVE-2017-3145 Use After Free vulnerability in multiple products
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.
network
low complexity
isc redhat debian netapp juniper CWE-416
7.5
2019-01-15 CVE-2019-0030 Use of Password Hash With Insufficient Computational Effort vulnerability in Juniper Advanced Threat Prevention Firmware 5.0.0/5.0.1/5.0.2
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents.
network
low complexity
juniper CWE-916
7.2
2019-01-15 CVE-2019-0029 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users.
local
low complexity
juniper CWE-532
7.8
2019-01-15 CVE-2019-0027 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0026 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0025 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the RADIUS configuration menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device.
network
low complexity
juniper CWE-79
5.4