Vulnerabilities > Juniper > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2017-2319 | Improper Authentication vulnerability in Juniper Northstar Controller 2.1.0 A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result. | 8.3 |
| 2017-04-24 | CVE-2017-2317 | Information Exposure vulnerability in Juniper Northstar Controller 2.1.0 A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker. | 8.6 |
| 2017-04-24 | CVE-2017-2315 | Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. | 7.5 |
| 2017-04-24 | CVE-2017-2313 | Improper Input Validation vulnerability in Juniper Junos Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. | 7.5 |
| 2017-03-20 | CVE-2016-4929 | Command Injection vulnerability in Juniper Junos Space Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | 8.8 |
| 2017-03-20 | CVE-2016-4928 | Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos Space Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | 8.8 |
| 2017-03-20 | CVE-2016-4927 | Improper Input Validation vulnerability in Juniper Junos Space Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | 8.1 |
| 2016-09-09 | CVE-2016-1263 | Improper Input Validation vulnerability in Juniper Junos Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 before 15.1F4-S2, 15.1R before 15.1R2-S3, 15.1 before 15.1R3, and 15.1X49 before 15.1X49-D40 allow remote attackers to cause a denial of service (kernel crash) via a crafted UDP packet destined to the interface IP address of a 64-bit OS device. | 7.5 |
| 2016-08-05 | CVE-2016-1278 | Improper Authentication vulnerability in Juniper Junos 12.1X44/12.1X46 Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | 7.8 |
| 2016-04-15 | CVE-2016-1274 | Data Processing Errors vulnerability in Juniper Junos 14.1X53 Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets. | 7.5 |