Vulnerabilities > Juniper > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-07-11 CVE-2018-0041 Use of Hard-coded Credentials vulnerability in Juniper Contrail Service Orchestration
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service.
network
low complexity
juniper CWE-798
critical
9.8
2018-07-11 CVE-2018-0040 Use of Hard-coded Credentials vulnerability in Juniper Contrail Service Orchestration
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network-based attackers to gain unauthorized access to services.
network
low complexity
juniper CWE-798
critical
9.8
2018-07-11 CVE-2018-0039 Use of Hard-coded Credentials vulnerability in Juniper Contrail Service Orchestration
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials.
network
low complexity
juniper CWE-798
critical
9.8
2018-07-11 CVE-2018-0038 Use of Hard-coded Credentials vulnerability in Juniper Contrail Service Orchestration
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials.
network
low complexity
juniper CWE-798
critical
9.8
2018-07-11 CVE-2018-0037 Improper Input Validation vulnerability in Juniper Junos 15.1
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages.
network
low complexity
juniper CWE-20
critical
9.8
2018-07-11 CVE-2018-0035 Unspecified vulnerability in Juniper Junos 15.1X53
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition.
network
low complexity
juniper
critical
9.8
2018-04-05 CVE-2014-3413 Use of Hard-coded Credentials vulnerability in Juniper Junos Space 13.3
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
network
low complexity
juniper CWE-798
critical
9.8
2018-01-10 CVE-2018-0007 Command Injection vulnerability in Juniper Junos
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service.
network
low complexity
juniper CWE-77
critical
9.8
2018-01-10 CVE-2018-0001 Use After Free vulnerability in Juniper Junos
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process.
network
low complexity
juniper CWE-416
critical
9.8
2017-10-13 CVE-2017-10622 Improper Authentication vulnerability in Juniper Junos Space 16.1/17.1
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote, unauthenticated, network-based attacker to log in as any privileged user.
network
low complexity
juniper CWE-287
critical
9.8