CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2712
https://notcve.org/view.php?id=CVE-2014-2712
14 Apr 2014 — Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. Vulnerabilidad de XSS en J-Web en Juniper Junos en versiones anteriores a 10.0S25, 10.4 en versiones anteriores a 10.4R10, 11.4 en versiones anteriores a 11... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2713
https://notcve.org/view.php?id=CVE-2014-2713
14 Apr 2014 — Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules. Juniper Junos anterior a 11.4R11, 12.1 anterior a 12.1R9, 12.2 anterior a 12.2R7, 12.3R4 anterior a 12.3R4-S3, 13.1 anterior a 13.1R4, 13.2 an... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10621 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2714
https://notcve.org/view.php?id=CVE-2014-2714
14 Apr 2014 — The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL. Enhanced Web Filtering (EWF) en Juniper Junos anterior a 10.4R15, 11.4 anterior a 11.4R9, 12.1 anterior a 12.1R7, 12.1X44 anterior a 12.1X44-D20, 12.1X45 anterior a 12.1... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10622 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2014-0612
https://notcve.org/view.php?id=CVE-2014-0612
14 Apr 2014 — Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors. Vulnerabilidad no especificada en Juniper Junos anterior a versión 11.4R10-S1, anterior a versión 11.4R11, versiones 12.1X44 anteriores a 1... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10620 •
CVSS: 7.5EPSS: 0%CPEs: 67EXPL: 0CVE-2013-7313
https://notcve.org/view.php?id=CVE-2013-7313
23 Jan 2014 — The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. La implementación de OSPF en Juniper Junos hasta la versión 13.x, JunosE, y ScreenO... • http://www.kb.cert.org/vuls/id/229804 •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0613
https://notcve.org/view.php?id=CVE-2014-0613
14 Jan 2014 — The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. El procesador de comandos XNM en Juniper Junos 10.4 anteriores a 10... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10607 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0615
https://notcve.org/view.php?id=CVE-2014-0615
14 Jan 2014 — Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.1X44 anteriores a... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0616
https://notcve.org/view.php?id=CVE-2014-0616
14 Jan 2014 — Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. Juniper Juno... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10609 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0617
https://notcve.org/view.php?id=CVE-2014-0617
14 Jan 2014 — Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. Juniper Junos 10.4S anteriores a 10.4S15, 10.4R anteriores a 10.4R16, 11.4 anteriores a 11.4R9 y 12.1R anteriores a 12.1R7 en los servicios de pasarela SRX Series permite a atacantes remotos causar denegación de servicio (caída de flowd) a través de un paquete IP manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10610 •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-0618
https://notcve.org/view.php?id=CVE-2014-0618
11 Jan 2014 — Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message. Juniper Junos anterior a la versión 10.4 anterior a 10.4R16, 11.4 anterior a la versión 11.4R8, 12.1R anterior a 12.1R7, 12.1X44 anterior a la versión 12.1X44-D20, y 12.1X45 anterior a... • http://osvdb.org/101864 •