CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2017-2313
https://notcve.org/view.php?id=CVE-2017-2313
Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability. Dispositivos de Juniper Networks que ejecutan las versiones afectadas Junos OS pueden verse afectados por el recibo de una BGP UPDATE manipulada que puede conducir a un fallo y un reinicio del rpd (enrutamiento del daemon del proceso). Los repetidos bloqueos del daemon rpd pueden resultar en una condición extendida de denegación de servicio. • http://www.securityfocus.com/bid/97606 http://www.securitytracker.com/id/1038257 https://kb.juniper.net/JSA10778 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2340
https://notcve.org/view.php?id=CVE-2017-2340
On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash. En Juniper Networks Junos OS 15.1 en versiones desde la 15.1R3 a la 15.1R4, 16.1 anterior a 16.1R3, en plataformas M/MX donde se configura Enhanced Subscriber Management para suscriptores DHCPv6, una vulnerabilidad en el procesamiento de paquetes IPv6 ND originados de suscriptores y destinados a los enrutadores de las series M/MX puede ocasionar un cuelgue o una caída de PFE (Packet Forwarding Engine). • http://www.securityfocus.com/bid/97607 http://www.securitytracker.com/id/1038254 https://kb.juniper.net/JSA10786 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 1CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro closeText de la función dialog. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. • http://rhn.redhat.com/errata/RHSA-2016-2932.html http://rhn.redhat.com/errata/RHSA-2016-2933.html http://rhn.redhat.com/errata/RHSA-2017-0161.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104823 https://github.com/jquery/api.jqueryui.com/issues/281 https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 https://jqueryui.com/changelog/1.12.0 https://lists.apache.org/thread.html/519eb0fd45642dcecd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 53EXPL: 0CVE-2016-1277
https://notcve.org/view.php?id=CVE-2016-1277
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet. Juniper Junos OS en versiones anteriores a 12.1X46-D50, 12.1X47 en versiones anteriores a 12.1X47-D40, 12.3X48 en versiones anteriores a 12.3X48-D30, 13.3 en versiones anteriores a 13.3R9, 14.1 en versiones anteriores a 14.1R8, 14.1X53 en versiones anteriores a 14.1X53-D40, 14.2 en versiones anteriores a 14.2R6, 15.1 en versiones anteriores a 15.1F6 o 15.1R3 y 15.1X49 en versiones anteriores a 15.1X49-D40, cuando es configurado con un tunel GRE o IPIP, permiten a atacantes remotos provocar una denegación de servicio (pánico en el kernel) a través de un paquete ICMP manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10752 http://www.securityfocus.com/bid/91755 http://www.securitytracker.com/id/1036306 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 0CVE-2016-1279
https://notcve.org/view.php?id=CVE-2016-1279
J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. J-Web en Juniper Junos OS en versiones anteriores a 12.1X46-D45, 12.1X46-D50, 12.1X47 en versiones anteriores a 12.1X47-D35, 12.3 en versiones anteriores a 12.3R12, 12.3X48 en versiones anteriores a 12.3X48-D25, 13.3 en versiones anteriores a 13.3R10, 13.3R9 en versiones anteriores a 13.3R9-S1, 14.1 en versiones anteriores a 14.1R7, 14.1X53 en versiones anteriores a 14.1X53-D35, 14.2 en versiones anteriores a 14.2R6, 15.1 en versiones anteriores a 15.1A2 o 15.1F4, 15.1X49 en versiones anteriores a 15.1X49-D30 y 15.1R en versiones anteriores a 15.1R3 podría permitir a atacantes remotos obtener información sensible y por lo tanto conseguir privilegios administrativos a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10754 http://www.securityfocus.com/bid/91759 http://www.securitytracker.com/id/1036302 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •