Vulnerabilities > Juniper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2022-22166 | Improper Validation of Specified Quantity in Input vulnerability in Juniper Junos 20.4/21.1 An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). | 6.5 |
| 2022-01-19 | CVE-2022-22168 | Improper Validation of Specified Type of Input vulnerability in Juniper Junos An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. | 6.5 |
| 2022-01-19 | CVE-2022-22169 | Improper Initialization vulnerability in Juniper Junos 15.1/18.3 An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). | 5.9 |
| 2022-01-19 | CVE-2022-22172 | Memory Leak vulnerability in Juniper Junos and Junos OS Evolved A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. | 6.5 |
| 2022-01-19 | CVE-2022-22176 | Improper Input Validation vulnerability in Juniper Junos An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). | 6.5 |
| 2022-01-19 | CVE-2022-22179 | Improper Input Validation vulnerability in Juniper Junos A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). | 6.5 |
| 2021-10-19 | CVE-2021-0297 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos OS Evolved 20.3/20.4/21.1 A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. | 6.5 |
| 2021-10-19 | CVE-2021-0298 | Race Condition vulnerability in Juniper Junos OS Evolved A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. | 4.7 |
| 2021-10-19 | CVE-2021-31352 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Juniper Session and Resource Control An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. | 5.3 |
| 2021-10-19 | CVE-2021-31355 | Cross-site Scripting vulnerability in Juniper Junos A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |