CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2712
https://notcve.org/view.php?id=CVE-2014-2712
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. Vulnerabilidad de XSS en J-Web en Juniper Junos en versiones anteriores a 10.0S25, 10.4 en versiones anteriores a 10.4R10, 11.4 en versiones anteriores a 11.4R11, 12.1 en versiones anteriores a 12.1R9, 12.1X44 en versiones anteriores a 12.1X44-D30, 12.1X45 en versiones anteriores a 12.1X45-D20, 12.1X46 en versiones anteriores a 12.1X46-D10 y 12.2 en versiones anteriores a 12.2R1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en index.php. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521 http://www.securityfocus.com/bid/66767 http://www.securitytracker.com/id/1030058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 67EXPL: 0CVE-2013-7313
https://notcve.org/view.php?id=CVE-2013-7313
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. La implementación de OSPF en Juniper Junos hasta la versión 13.x, JunosE, y ScreenOS hasta la versión 6.3.x no considera la posibilidad de valores Link State ID duplicados en Link State Adverisement (LSA) antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de enrutamiento) u obtener información sensible de paquetes a través de un paquete LSA manipulado, una vulnerabilidad relacionada con CVE-2013-0149. • http://www.kb.cert.org/vuls/id/229804 http://www.kb.cert.org/vuls/id/BLUU-97KQ26 •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0613
https://notcve.org/view.php?id=CVE-2014-0613
The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. El procesador de comandos XNM en Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R5, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2-S2, y 13.3 anteriores a 13.3R1, cuando xnml-ssl o xnm-clear-text está activo, permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10607 http://osvdb.org/101861 http://www.securitytracker.com/id/1029586 •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0615
https://notcve.org/view.php?id=CVE-2014-0615
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.1X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.1X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R5, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2 y 13.3 anteriores a 13.3R1, permite a usuarios locales obener privilegios a través de vectores relacionados con "ciertas combinaciones de comandos y argumentos Junos OS CLI". • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608 http://osvdb.org/101862 http://www.securityfocus.com/bid/64762 http://www.securitytracker.com/id/1029585 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0616
https://notcve.org/view.php?id=CVE-2014-0616
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.1X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.1X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R4-S2, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2 y 13.3 anteriores a 13.3R1, permite a atacantes remotos causar denegación de servicio (caída de rdp) a través de un mensaje BGP_UPDATE largo que lanza inmediatamente un envío de retirada de mensaje, como se muestra con un AS_PATH largo y un gran número de "BGP Communities". • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10609 http://osvdb.org/101868 http://www.securityfocus.com/bid/64766 http://www.securitytracker.com/id/1029582 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •