Vulnerabilities > Juniper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2017-2326 | Information Exposure vulnerability in Juniper Northstar Controller 2.1.0 An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. | 6.5 |
| 2017-04-24 | CVE-2017-2325 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller 2.1.0 A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | 6.5 |
| 2017-04-24 | CVE-2017-2324 | Command Injection vulnerability in Juniper Northstar Controller 2.1.0 A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. | 5.3 |
| 2017-04-24 | CVE-2017-2318 | Information Exposure vulnerability in Juniper Northstar Controller 2.1.0 A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges. | 6.5 |
| 2017-04-24 | CVE-2017-2316 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller 2.1.0 A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | 6.5 |
| 2017-04-24 | CVE-2017-2312 | Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. | 6.5 |
| 2017-03-20 | CVE-2016-4931 | XXE vulnerability in Juniper Junos Space XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | 6.5 |
| 2017-03-20 | CVE-2016-4930 | Cross-site Scripting vulnerability in Juniper Junos Space Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | 6.1 |
| 2017-03-15 | CVE-2016-7103 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | 6.1 |
| 2016-09-09 | CVE-2016-1280 | Improper Validation of Certificate with Host Mismatch vulnerability in Juniper Junos PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos. | 6.5 |