Vulnerabilities > Juniper > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-18 CVE-2022-22242 Cross-site Scripting vulnerability in Juniper Junos
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web.
network
low complexity
juniper CWE-79
6.1
2022-10-18 CVE-2022-22243 XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality.
network
low complexity
juniper CWE-91
4.3
2022-10-18 CVE-2022-22244 XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality.
network
low complexity
juniper CWE-91
5.3
2022-10-18 CVE-2022-22245 Path Traversal vulnerability in Juniper Junos
A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS.
network
low complexity
juniper CWE-22
4.3
2022-10-18 CVE-2022-22249 Unspecified vulnerability in Juniper Junos
An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
low complexity
juniper
6.5
2022-10-18 CVE-2022-22250 Unspecified vulnerability in Juniper Junos
An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
low complexity
juniper
6.5
2022-04-14 CVE-2022-22182 Cross-site Scripting vulnerability in Juniper Junos
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that, when visited by another user, enables the attacker to execute commands with the target's permissions, including those of an administrator.
network
juniper CWE-79
4.3
2022-04-14 CVE-2022-22185 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
A vulnerability in Juniper Networks Junos OS on SRX Series allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a crash of the flowd process, which is responsible for packet forwarding.
network
low complexity
juniper CWE-754
5.0
2022-04-14 CVE-2022-22186 Improper Initialization vulnerability in Juniper Junos
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device may be improperly forwarded to an egress interface instead of being discarded.
network
low complexity
juniper CWE-665
6.4
2022-04-14 CVE-2022-22188 Uncontrolled Memory Allocation vulnerability in Juniper Junos 20.2
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS).
network
juniper CWE-789
4.3