Vulnerabilities > Juniper > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-2326 Information Exposure vulnerability in Juniper Northstar Controller 2.1.0
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.
network
low complexity
juniper CWE-200
6.5
2017-04-24 CVE-2017-2325 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller 2.1.0
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
network
low complexity
juniper CWE-119
6.5
2017-04-24 CVE-2017-2324 Command Injection vulnerability in Juniper Northstar Controller 2.1.0
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.
network
low complexity
juniper CWE-77
5.3
2017-04-24 CVE-2017-2318 Information Exposure vulnerability in Juniper Northstar Controller 2.1.0
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.
network
low complexity
juniper CWE-200
6.5
2017-04-24 CVE-2017-2316 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller 2.1.0
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
local
low complexity
juniper CWE-119
6.5
2017-04-24 CVE-2017-2312 Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos
On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process.
network
low complexity
juniper CWE-772
6.5
2017-03-20 CVE-2016-4931 XXE vulnerability in Juniper Junos Space
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
network
low complexity
juniper CWE-611
6.5
2017-03-20 CVE-2016-4930 Cross-site Scripting vulnerability in Juniper Junos Space
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.
network
low complexity
juniper CWE-79
6.1
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1
2016-09-09 CVE-2016-1280 Improper Validation of Certificate with Host Mismatch vulnerability in Juniper Junos
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos.
network
low complexity
juniper CWE-297
6.5