Page 15 of 256 results (0.011 seconds)

CVSS: 6.1EPSS: 46%CPEs: 160EXPL: 0

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en el componente J-Web del Juniper Networks Junos OS permite a un atacante no autenticado ejecute scripts maliciosos reflejados desde J-Web al navegador de la víctima en el contexto de su sesión dentro de J-Web. Este problema afecta a todas las versiones de Junos OS anteriores a 19.1R3-S9; a las versiones 19.2 anteriores a 19.2R3-S6; a las versiones 19.3 anteriores a 19.3R3-S7; a las versiones 19.4 anteriores a 19.4R2-S7, 19.4R3-S8; a las versiones 20.1 anteriores a 20.1R3-S5; a las versiones 20.2 anteriores a 20. 2R3-S5; 20.3 versiones anteriores a 20.3R3-S5; 20.4 versiones anteriores a 20.4R3-S4; 21.1 versiones anteriores a 21.1R3-S4; 21.2 versiones anteriores a 21.2R3-S1; 21.3 versiones anteriores a 21.3R3; 21.4 versiones anteriores a 21.4R2; 22.1 versiones anteriores a 22.1R2 • https://kb.juniper.net/JSA69899 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 161EXPL: 0

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el componente J-Web del Juniper Networks Junos OS puede permitir a un atacante no autenticado acceda a los datos sin la autorización adecuada. usando una petición POST diseñada, puede producirse una deserialización que podría conllevar a un acceso no autorizado a archivos locales o la capacidad de ejecutar comandos arbitrarios. Este problema afecta a Juniper Networks Junos OS: todas las versiones anteriores a 19.1R3-S9; las versiones 19.2 anteriores a 19.2R3-S6; las versiones 19.3 anteriores a 19.3R3-S7; las versiones 19.4 anteriores a 19.4R2-S7, 19.4R3-S9; las versiones 20.1 anteriores a 20.1R3-S5; las versiones 20.2 anteriores a 20.2R3-S5; las versiones 20. 3 versiones anteriores a 20.3R3-S5; 20.4 versiones anteriores a 20.4R3-S4; 21.1 versiones anteriores a 21.1R3-S2; 21.2 versiones anteriores a 21.2R3-S1; 21.3 versiones anteriores a 21.3R2-S2, 21.3R3; 21.4 versiones anteriores a 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versiones anteriores a 22.1R1-S1, 22.1R2 • https://kb.juniper.net/JSA69899 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 147EXPL: 0

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO. Una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el demonio de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante adyacente no autenticado causar una Denegación de Servicio (DoS). • https://kb.juniper.net/JSA69894 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.5EPSS: 0%CPEs: 184EXPL: 0

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. • https://kb.juniper.net/JSA69890 • CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State •

CVSS: 6.5EPSS: 0%CPEs: 274EXPL: 0

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1. • https://kb.juniper.net/JSA69876 https://www.juniper.net/documentation/us/en/software/junos/ovsdb-vxlan/evpn-vxlan/topics/ref/statement/vxlan.html#id-vxlan__d281e31 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •