Page 36 of 316 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 149EXPL: 0

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2; Una vulnerabilidad de restricción inapropiada de operaciones dentro de los límites de un búfer de memoria en Juniper Networks Junos OS J-Web en dispositivos de la serie SRX permite a un atacante causar una Denegación de Servicio (DoS) mediante el envío de determinados paquetes HTTP diseñados. La recepción y el procesamiento continuo de estos paquetes crearán una condición sostenida de Denegación de Servicio (DoS). • https://kb.juniper.net/JSA11122 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 181EXPL: 0

A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. Continued processing of spoofed subscriber nodes will create a sustained Denial of Service (DoS) condition. When the number of subscribers attempting to connect exceeds the configured maximum-discovery-table-entries value, the subscriber fails to map to an internal neighbor entry, causing the ANCPD process to crash. This issue affects Juniper Networks Junos OS: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Una vulnerabilidad en el manejo de los recursos internos necesarios para activar una gran cantidad de nodos de broadband remote access subscriber (BRAS) de Capa 2 en Juniper Networks Junos OS puede causar que el demonio Access Node Control Protocol se bloquee y reinicie, conllevando a una condición de Denegación de Servicio (DoS) sostenida. • https://kb.juniper.net/JSA11119 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 168EXPL: 0

A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed packets will repeatedly crash the PPMD process and sustain the Denial of Service (DoS) condition. Due to the nature of the specifically crafted packet, exploitation of this issue requires direct, adjacent connectivity to the vulnerable component. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. Una vulnerabilidad en el demonio de administración periódica de paquetes (PPMD) distribuido o centralizado de Juniper Networks Junos OS, puede causar que la recepción de un paquete malformado se bloquee y reinicie el proceso PPMD, conllevando a la desestabilización de la red, la interrupción del servicio y una condición de Denegación de Servicio (DoS) . • https://kb.juniper.net/JSA11117 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 197EXPL: 0

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2. Una vulnerabilidad de escalada de privilegios local en telnetd.real de Juniper Networks Junos OS, puede permitir a un usuario de shell autenticado local escalar privilegios y ejecutar comandos arbitrarios como root. telnetd.real es enviado con permisos setuid habilitados y es propiedad del usuario root, permitiendo a usuarios locales ejecutar telnetd.real con privilegios root. Este problema afecta a Juniper Networks Junos OS: todas las versiones anteriores a 15.1R7-S9; versiones 17.3 anteriores a 17.3R3-S11; versiones 17.4 anteriores a 17.4R2-S12, 17.4R3-S3; versiones 18.1 anteriores a 18.1R3-S11; versiones 18.2 anteriores a 18.2R3-S6; versiones 18.3 anteriores a 18.3R2-S4, 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S7, 18.4R3-S6; versiones 19.1 anteriores a 19.1R2-S2, 19.1R3-S4; versiones 19.2 anteriores a 19.2R1-S6, 19.2R3-S1; versiones 19.3 anteriores a 19.3R3-S1; versiones 19.4 anteriores a 19.4R2-S2, 19.4R3; versiones 20.1 anteriores a 20. • https://kb.juniper.net/JSA11114 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 7.4EPSS: 0%CPEs: 285EXPL: 0

A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs. Continued receipt of these crafted protocol packets will cause an extended Denial of Service (DoS) condition, which may cause wider traffic impact due to protocol flapping. An indication of compromise is to check "monitor interface traffic" on the ingress and egress port packet counts. • https://kb.juniper.net/JSA11094 • CWE-16: Configuration •