Page 31 of 165 results (0.061 seconds)

CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0

Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. Juniper Junos 10.4S anteriores a 10.4S15, 10.4R anteriores a 10.4R16, 11.4 anteriores a 11.4R9 y 12.1R anteriores a 12.1R7 en los servicios de pasarela SRX Series permite a atacantes remotos causar denegación de servicio (caída de flowd) a través de un paquete IP manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10610 http://osvdb.org/101863 http://www.securityfocus.com/bid/64764 http://www.securitytracker.com/id/1029583 •

CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0

The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. El procesador de comandos XNM en Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R5, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2-S2, y 13.3 anteriores a 13.3R1, cuando xnml-ssl o xnm-clear-text está activo, permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10607 http://osvdb.org/101861 http://www.securitytracker.com/id/1029586 •

CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message. Juniper Junos anterior a la versión 10.4 anterior a 10.4R16, 11.4 anterior a la versión 11.4R8, 12.1R anterior a 12.1R7, 12.1X44 anterior a la versión 12.1X44-D20, y 12.1X45 anterior a 12.1X45-D10 en pasarelas de servicio SRX Series, cuando se usa como un agente UAC y el portal cautivo está activado, permite a atacantes remotos provocar una denegación de servicio (cuelgue flowd) a través de un mensaje HTTP manipulado. • http://osvdb.org/101864 http://www.securityfocus.com/bid/64769 http://www.securitytracker.com/id/1029584 https://exchange.xforce.ibmcloud.com/vulnerabilities/90238 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611 •

CVSS: 9.0EPSS: 3%CPEs: 9EXPL: 4

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. jsdm / ajax / port.php de J-Web en Juniper Junos anterior 10.4R13, 11.4 anterior a 11.4R, 12,.1 anterior a 12.1R5 anterior a 12.2R3 y 12.3 antes 12.3R1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través del parámetro rsargs en una acción exec. • https://www.exploit-db.com/exploits/29544 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560 http://secunia.com/advisories/54731 http://www.exploit-db.com/exploits/29544 http://www.securityfocus.com/bid/62305 http://www.securitytracker.com/id/1029016 http://www.senseofsecurity.com.au/advisories/SOS-13-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/87011 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. Juniper Junos 10.4 anterior a 10.4S15, 11.4 anterior a 11.4R9, 11.4X27 anterior a 11.4X27.44, 12.1 anterior a 12.1R7, 12.1X44 anterior a 12.1X44-D20, 12.1X45 anterior a 12.1X45-D15, 12.2 anterior a 12.2R6, 12.3 anterior a 12.3R3, 13.1 anterior a 13.1R3, y 13.2 anterior a 13.2R1, cuando Proxy ARP está activo en una interfaz sin numerar, permite a atacantes remotos ejecutar envenenamiento ARP y posiblemente obtener información sensible a través de un mensaje ARP manipulado. • https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •