CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0017 – Junos Space: Unrestricted file upload vulnerability
https://notcve.org/view.php?id=CVE-2019-0017
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. La aplicación de Junos Space, que permite que los archivos Device Image se suban, tiene una comprobación de validez insuficiente, lo que podría permitir la subida de imágenes o scripts, así como otros tipos de contenido. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1. • https://kb.juniper.net/JSA10917 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 147EXPL: 0CVE-2019-0012 – Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message
https://notcve.org/view.php?id=CVE-2019-0012
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. • http://www.securityfocus.com/bid/106536 https://kb.juniper.net/JSA10912 •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0016 – Junos Space: Authenticated user able to delete devices without delete device privileges
https://notcve.org/view.php?id=CVE-2019-0016
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. Un usuario autenticado malicioso podría ser capaz de eliminar un dispositivo de la base de datos de Junos Space sin los privilegios necesarios mediante interacciones Ajax manipuladas obtenidas de otra acción legítima eliminada realizada por otro usuario administrativo. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1. • https://kb.juniper.net/JSA10917 •
CVSS: 5.5EPSS: 0%CPEs: 95EXPL: 0CVE-2019-0015 – Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot
https://notcve.org/view.php?id=CVE-2019-0015
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. • http://www.securityfocus.com/bid/106668 https://kb.juniper.net/JSA10915 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 103EXPL: 0CVE-2019-0013 – Junos OS: RPD crash upon receipt of malformed PIM packet
https://notcve.org/view.php?id=CVE-2019-0013
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R7; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R2-S3, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2. • http://www.securityfocus.com/bid/106519 https://kb.juniper.net/JSA10913 • CWE-19: Data Processing Errors •