Vulnerabilities > Juniper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-22 | CVE-2019-1010232 | Out-of-bounds Write vulnerability in Juniper Libslax 0.22.0 Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. | 6.5 |
| 2019-07-11 | CVE-2019-0048 | Unspecified vulnerability in Juniper Junos On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. | 5.8 |
| 2019-07-11 | CVE-2019-0046 | Resource Exhaustion vulnerability in Juniper Junos A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. | 6.5 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
| 2019-04-10 | CVE-2019-0042 | Unspecified vulnerability in Juniper Identity Management Service Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. high complexity juniper | 4.2 |
| 2019-04-10 | CVE-2019-0038 | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. | 6.5 |
| 2019-04-10 | CVE-2019-0035 | Insufficiently Protected Credentials vulnerability in Juniper Junos When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. | 6.8 |
| 2019-01-15 | CVE-2019-0027 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0026 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |
| 2019-01-15 | CVE-2019-0025 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. | 5.4 |