Vulnerabilities > Juniper > Low

DATE CVE VULNERABILITY TITLE RISK
2018-10-10 CVE-2018-0054 Resource Exhaustion vulnerability in Juniper Junos
On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps.
low complexity
juniper CWE-400
3.3
2018-10-10 CVE-2018-0055 Improper Input Validation vulnerability in Juniper Junos
Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash.
2.9
2018-10-10 CVE-2018-0056 Improper Input Validation vulnerability in Juniper Junos
If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces.
2.9
2018-10-10 CVE-2018-0059 Cross-site Scripting vulnerability in Juniper Netscreen Screenos
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
2018-10-10 CVE-2018-0063 Resource Exhaustion vulnerability in Juniper Junos 17.3
A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit.
low complexity
juniper CWE-400
3.3
2018-04-11 CVE-2018-0021 Unspecified vulnerability in Juniper Junos
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0.
low complexity
juniper
3.3
2018-04-11 CVE-2018-0023 Incorrect Default Permissions vulnerability in Juniper Jsnapy
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github.
local
low complexity
juniper CWE-276
2.1
2018-01-10 CVE-2018-0006 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition.
2.9
2018-01-10 CVE-2018-0011 Cross-site Scripting vulnerability in Juniper Junos Space
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.
network
juniper CWE-79
3.5
2018-01-10 CVE-2018-0014 Information Exposure vulnerability in Juniper Screenos
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets.
low complexity
juniper CWE-200
3.3