CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-0612
https://notcve.org/view.php?id=CVE-2014-0612
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors. Vulnerabilidad no especificada en Juniper Junos anterior a versión 11.4R10-S1, anterior a versión 11.4R11, versiones 12.1X44 anteriores a 12.1X44-D26, versiones 12.1X44 anteriores a 12.1X44-D30, versiones12.1X45 anteriores a 12.1X45-D20, y versiones 12.1X46 anteriores 12.1X46-D10, cuando Dynamic IPsec VPN está configurada, permite a los atacantes remotos causar una denegación de servicio (nuevas fallas de conexión de Dynamic VPN y consumo de CPU y disco) por medio de vectores desconocidos. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10620 http://secunia.com/advisories/57845 http://securitytracker.com/id?1030057 http://www.securityfocus.com/bid/66759 •
CVSS: 5.4EPSS: 0%CPEs: 67EXPL: 0CVE-2013-7313
https://notcve.org/view.php?id=CVE-2013-7313
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. La implementación de OSPF en Juniper Junos hasta la versión 13.x, JunosE, y ScreenOS hasta la versión 6.3.x no considera la posibilidad de valores Link State ID duplicados en Link State Adverisement (LSA) antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de enrutamiento) u obtener información sensible de paquetes a través de un paquete LSA manipulado, una vulnerabilidad relacionada con CVE-2013-0149. • http://www.kb.cert.org/vuls/id/229804 http://www.kb.cert.org/vuls/id/BLUU-97KQ26 •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0616
https://notcve.org/view.php?id=CVE-2014-0616
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.1X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.1X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R4-S2, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2 y 13.3 anteriores a 13.3R1, permite a atacantes remotos causar denegación de servicio (caída de rdp) a través de un mensaje BGP_UPDATE largo que lanza inmediatamente un envío de retirada de mensaje, como se muestra con un AS_PATH largo y un gran número de "BGP Communities". • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10609 http://osvdb.org/101868 http://www.securityfocus.com/bid/64766 http://www.securitytracker.com/id/1029582 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0615
https://notcve.org/view.php?id=CVE-2014-0615
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.1X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.1X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R5, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2 y 13.3 anteriores a 13.3R1, permite a usuarios locales obener privilegios a través de vectores relacionados con "ciertas combinaciones de comandos y argumentos Junos OS CLI". • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608 http://osvdb.org/101862 http://www.securityfocus.com/bid/64762 http://www.securitytracker.com/id/1029585 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0617
https://notcve.org/view.php?id=CVE-2014-0617
Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. Juniper Junos 10.4S anteriores a 10.4S15, 10.4R anteriores a 10.4R16, 11.4 anteriores a 11.4R9 y 12.1R anteriores a 12.1R7 en los servicios de pasarela SRX Series permite a atacantes remotos causar denegación de servicio (caída de flowd) a través de un paquete IP manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10610 http://osvdb.org/101863 http://www.securityfocus.com/bid/64764 http://www.securitytracker.com/id/1029583 •