CVSS: 8.8EPSS: 0%CPEs: 295EXPL: 0CVE-2018-0043 – Junos OS: RPD daemon crashes upon receipt of specific MPLS packet
https://notcve.org/view.php?id=CVE-2018-0043
10 Oct 2018 — Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. • http://www.securitytracker.com/id/1041847 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 205EXPL: 0CVE-2018-0045 – Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in Draft-Rosen MVPN configuration
https://notcve.org/view.php?id=CVE-2018-0045
10 Oct 2018 — Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Indepe... • http://www.securitytracker.com/id/1041848 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 152EXPL: 0CVE-2018-0049 – Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash.
https://notcve.org/view.php?id=CVE-2018-0049
10 Oct 2018 — A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX... • http://www.securityfocus.com/bid/105701 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 73EXPL: 0CVE-2018-0051 – Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow daemon (flowd) related to SIP ALG
https://notcve.org/view.php?id=CVE-2018-0051
10 Oct 2018 — A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by e... • http://www.securitytracker.com/id/1041852 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 8%CPEs: 143EXPL: 0CVE-2018-0052 – Junos OS: Unauthenticated remote root access possible when RSH service is enabled
https://notcve.org/view.php?id=CVE-2018-0052
10 Oct 2018 — If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. • http://www.securitytracker.com/id/1041853 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 83EXPL: 0CVE-2018-0060 – Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash
https://notcve.org/view.php?id=CVE-2018-0060
10 Oct 2018 — An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 1... • http://www.securitytracker.com/id/1041858 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 128EXPL: 0CVE-2018-0061 – Junos OS: Denial of service in telnetd
https://notcve.org/view.php?id=CVE-2018-0061
10 Oct 2018 — A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81 on SRX Series; 12.3 versions prior to 12.3R12-S11; 12.3X48 versions prior to 12.3X48-D80 on SRX Series; 15.1 versions prior to 15.1R7; 15.1X49 versions prior to 15.1X49-D150, 15.1X49-D160 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 S... • http://www.securitytracker.com/id/1041859 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 122EXPL: 0CVE-2018-0062 – Junos OS: Denial of Service in J-Web
https://notcve.org/view.php?id=CVE-2018-0062
10 Oct 2018 — A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X5... • http://www.securitytracker.com/id/1041860 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 459EXPL: 2CVE-2018-15504
https://notcve.org/view.php?id=CVE-2018-15504
18 Aug 2018 — An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una de... • https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 225EXPL: 2CVE-2018-15505
https://notcve.org/view.php?id=CVE-2018-15505
18 Aug 2018 — An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. Una petición HTTP POST con un campo de cabecera "Host" especialmente manipulado puede causar una... • https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9 • CWE-476: NULL Pointer Dereference •