CVSS: 8.8EPSS: 0%CPEs: 263EXPL: 0CVE-2019-0062 – Junos OS: Session fixation vulnerability in J-Web
https://notcve.org/view.php?id=CVE-2019-0062
09 Oct 2019 — A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 1... • https://kb.juniper.net/JSA10961 • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: 344EXPL: 0CVE-2019-0043 – Junos OS: RPD process crashes upon receipt of a specific SNMP packet
https://notcve.org/view.php?id=CVE-2019-0043
10 Apr 2019 — In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior... • https://kb.juniper.net/JSA10935 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 164EXPL: 0CVE-2019-0003 – Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core.
https://notcve.org/view.php?id=CVE-2019-0003
15 Jan 2019 — When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1... • http://www.securityfocus.com/bid/106544 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 1%CPEs: 86EXPL: 0CVE-2019-0006 – Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration
https://notcve.org/view.php?id=CVE-2019-0006
15 Jan 2019 — A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis... • http://www.securityfocus.com/bid/106666 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 295EXPL: 0CVE-2018-0043 – Junos OS: RPD daemon crashes upon receipt of specific MPLS packet
https://notcve.org/view.php?id=CVE-2018-0043
10 Oct 2018 — Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. • http://www.securitytracker.com/id/1041847 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 152EXPL: 0CVE-2018-0049 – Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash.
https://notcve.org/view.php?id=CVE-2018-0049
10 Oct 2018 — A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX... • http://www.securityfocus.com/bid/105701 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 459EXPL: 2CVE-2018-15504
https://notcve.org/view.php?id=CVE-2018-15504
18 Aug 2018 — An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una de... • https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 115EXPL: 0CVE-2018-0024 – Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root
https://notcve.org/view.php?id=CVE-2018-0024
11 Jul 2018 — An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3... • http://www.securityfocus.com/bid/104718 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 262EXPL: 0CVE-2018-0034 – Junos OS: A malicious crafted IPv6 DHCP packet may cause the JDHCPD daemon to core
https://notcve.org/view.php?id=CVE-2018-0034
11 Jul 2018 — A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70... • http://www.securitytracker.com/id/1041338 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 78EXPL: 0CVE-2018-0005 – Security Bulletin: Junos OS: MAC move limit configured to drop traffic may forward traffic.
https://notcve.org/view.php?id=CVE-2018-0005
10 Jan 2018 — QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. Los switches de las series QFX y EX configurados para volcar el tráfico cuando se excede el límite de movimiento de MAC redireccionan tráfico en ... • http://www.securitytracker.com/id/1040182 • CWE-754: Improper Check for Unusual or Exceptional Conditions •