Vulnerabilities > Juniper > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-17 CVE-2020-1647 Double Free vulnerability in Juniper Junos
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message.
Risk: network, low complexity, juniper CWE-415, critical, 9.8

2020-05-04 CVE-2020-1631 Path Traversal vulnerability in Juniper Junos
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal.
Risk: network, low complexity, juniper CWE-22, critical, 9.8

2020-04-08 CVE-2020-1615 Use of Hard-coded Credentials vulnerability in Juniper Junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account.
Risk: network, low complexity, juniper CWE-798, critical, 9.8

2020-04-08 CVE-2020-1614 Use of Hard-coded Credentials vulnerability in Juniper Junos
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g.
Risk: network, low complexity, juniper CWE-798, critical, 10.0

2020-03-06 CVE-2020-10188 Classic Buffer Overflow vulnerability in multiple products
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
Risk: 9.8

2019-04-10 CVE-2019-0040 Information Exposure vulnerability in Juniper Junos
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI).
Risk: network, low complexity, juniper CWE-200, critical, 9.1

2019-04-10 CVE-2019-0036 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g.
Risk: network, low complexity, juniper CWE-754, critical, 9.8

2019-04-10 CVE-2019-0008 Out-of-bounds Write vulnerability in Juniper Junos
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices.
Risk: network, low complexity, juniper CWE-787, critical, 9.8

2019-01-15 CVE-2019-0022 Use of Hard-coded Credentials vulnerability in Juniper Advanced Threat Prevention
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software.
Risk: network, low complexity, juniper CWE-798, critical, 9.8

2019-01-15 CVE-2019-0020 Use of Hard-coded Credentials vulnerability in Juniper Advanced Threat Prevention
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software.
Risk: network, low complexity, juniper CWE-798, critical, 9.8