CVE-2014-0613
https://notcve.org/view.php?id=CVE-2014-0613
The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. El procesador de comandos XNM en Juniper Junos 10.4 anteriores a 10.4R16, 11.4 anteriores a 11.4R10, 12.1R anteriores a 12.1R8-S2, 12.X44 anteriores a 12.1X44-D30, 12.1X45 anteriores a 12.X45-D20, 12.1X46 anteriores a 12.1X46-D10, 12.2 anteriores a 12.2R7, 12.3 anteriores a 12.3R5, 13.1 anteriores a 13.1R3-S1, 13.2 anteriores a 13.2R2-S2, y 13.3 anteriores a 13.3R1, cuando xnml-ssl o xnm-clear-text está activo, permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10607 http://osvdb.org/101861 http://www.securitytracker.com/id/1029586 •
CVE-2014-0618
https://notcve.org/view.php?id=CVE-2014-0618
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message. Juniper Junos anterior a la versión 10.4 anterior a 10.4R16, 11.4 anterior a la versión 11.4R8, 12.1R anterior a 12.1R7, 12.1X44 anterior a la versión 12.1X44-D20, y 12.1X45 anterior a 12.1X45-D10 en pasarelas de servicio SRX Series, cuando se usa como un agente UAC y el portal cautivo está activado, permite a atacantes remotos provocar una denegación de servicio (cuelgue flowd) a través de un mensaje HTTP manipulado. • http://osvdb.org/101864 http://www.securityfocus.com/bid/64769 http://www.securitytracker.com/id/1029584 https://exchange.xforce.ibmcloud.com/vulnerabilities/90238 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611 •
CVE-2013-6618 – Juniper Junos J-Web - Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-6618
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. jsdm / ajax / port.php de J-Web en Juniper Junos anterior 10.4R13, 11.4 anterior a 11.4R, 12,.1 anterior a 12.1R5 anterior a 12.2R3 y 12.3 antes 12.3R1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través del parámetro rsargs en una acción exec. • https://www.exploit-db.com/exploits/29544 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560 http://secunia.com/advisories/54731 http://www.exploit-db.com/exploits/29544 http://www.securityfocus.com/bid/62305 http://www.securitytracker.com/id/1029016 http://www.senseofsecurity.com.au/advisories/SOS-13-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/87011 • CWE-20: Improper Input Validation •
CVE-2013-6014
https://notcve.org/view.php?id=CVE-2013-6014
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. Juniper Junos 10.4 anterior a 10.4S15, 11.4 anterior a 11.4R9, 11.4X27 anterior a 11.4X27.44, 12.1 anterior a 12.1R7, 12.1X44 anterior a 12.1X44-D20, 12.1X45 anterior a 12.1X45-D15, 12.2 anterior a 12.2R6, 12.3 anterior a 12.3R3, 13.1 anterior a 13.1R3, y 13.2 anterior a 13.2R1, cuando Proxy ARP está activo en una interfaz sin numerar, permite a atacantes remotos ejecutar envenenamiento ARP y posiblemente obtener información sensible a través de un mensaje ARP manipulado. • https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-6012
https://notcve.org/view.php?id=CVE-2013-6012
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. En Juniper Junos 12.1X44 anterior 12.1.X44-D20 y 12.1X45 anterior a 12.1X45-D15, cuando la opción no-validar está habilitada no maneja apropiadamente los errores de configuración durante la fase de "commit" en la secuencia de arranque, lo que permite a atacantes remotos evitar la atenticación a través de vectores no especificados • http://www.securityfocus.com/bid/63389 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10593 • CWE-287: Improper Authentication •