CVSS: 6.8EPSS: 0%CPEs: 58EXPL: 0CVE-2017-2312
https://notcve.org/view.php?id=CVE-2017-2312
24 Apr 2017 — On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based de... • http://www.securityfocus.com/bid/97611 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2017-2313
https://notcve.org/view.php?id=CVE-2017-2313
24 Apr 2017 — Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16... • http://www.securityfocus.com/bid/97606 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 74EXPL: 0CVE-2016-1280
https://notcve.org/view.php?id=CVE-2016-1280
09 Sep 2016 — PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled i... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.7EPSS: 0%CPEs: 68EXPL: 0CVE-2016-1267
https://notcve.org/view.php?id=CVE-2016-1267
15 Apr 2016 — Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors. Condición de carrer... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10730 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 79EXPL: 0CVE-2016-1264
https://notcve.org/view.php?id=CVE-2016-1264
15 Apr 2016 — Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain priv... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10725 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 68%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente l... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 71%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 4%CPEs: 460EXPL: 4CVE-2014-9708 – Appweb Web Server Denial of Service
https://notcve.org/view.php?id=CVE-2014-9708
28 Mar 2015 — Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerabilit... • https://packetstorm.news/files/id/131157 • CWE-476: NULL Pointer Dereference •