Vulnerabilities > Juniper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-2335 | Cross-site Scripting vulnerability in Juniper Screenos 6.3.0 A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. | 5.4 |
| 2017-07-17 | CVE-2017-10604 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. | 5.3 |
| 2017-05-30 | CVE-2017-2311 | Unspecified vulnerability in Juniper Junos Space 14.1 On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. | 5.3 |
| 2017-05-30 | CVE-2017-2310 | Unspecified vulnerability in Juniper Junos Space A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. | 5.3 |
| 2017-05-30 | CVE-2017-2309 | Information Exposure vulnerability in Juniper Junos Space 14.1 On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. | 5.9 |
| 2017-05-30 | CVE-2017-2308 | XXE vulnerability in Juniper Junos Space 14.1 An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | 6.5 |
| 2017-05-30 | CVE-2017-2307 | Cross-site Scripting vulnerability in Juniper Junos Space A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space. | 6.1 |
| 2017-04-24 | CVE-2017-2322 | Resource Exhaustion vulnerability in Juniper Northstar Controller 2.1.0 A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. | 5.5 |
| 2017-04-24 | CVE-2017-2340 | Improper Input Validation vulnerability in Juniper Junos 15.1/16.1 On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash. | 5.3 |
| 2017-04-24 | CVE-2017-2333 | Resource Exhaustion vulnerability in Juniper Northstar Controller 2.1.0 A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server. | 6.5 |