CVSS: 10.0EPSS: 4%CPEs: 21EXPL: 0CVE-2017-2343 – SRX Series: Hardcoded credentials in Integrated UserFW feature.
https://notcve.org/view.php?id=CVE-2017-2343
14 Jul 2017 — The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series... • http://www.securitytracker.com/id/1038904 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.6EPSS: 71%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 6.8EPSS: 68%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente l... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-5363
https://notcve.org/view.php?id=CVE-2015-5363
16 Jul 2015 — The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response. El demonio SRX de seguridad de red en la serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X44 anterior a 12.1X44-D50, 12.1X46 anterior a 12.1X46-D35, 12.1X47 anterior a 12.1X47-D25... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10692 • CWE-19: Data Processing Errors •
CVSS: 6.9EPSS: 0%CPEs: 34EXPL: 0CVE-2015-3002
https://notcve.org/view.php?id=CVE-2015-3002
10 Apr 2015 — Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D30, 12.1X47 anterior a 12.1X47... • http://www.securityfocus.com/bid/74019 • CWE-17: DEPRECATED: Code •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2015-3005
https://notcve.org/view.php?id=CVE-2015-3005
10 Apr 2015 — Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Dynamic VPN en Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D30, 12.1X47 anterior a 12.1X47-D20, y 12.3X48 anterior a 12.3X48-D10 en los dispositivos de la s... • http://www.securityfocus.com/bid/74016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 460EXPL: 4CVE-2014-9708 – Appweb Web Server Denial of Service
https://notcve.org/view.php?id=CVE-2014-9708
28 Mar 2015 — Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerabilit... • https://packetstorm.news/files/id/131157 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-3825
https://notcve.org/view.php?id=CVE-2014-3825
14 Oct 2014 — The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. Los dispositivos de la serie Juniper SRX con Junos 11.4 anterior a 11.4R12-S4, 12.1X44 anterior a 12.1X44-D40, 12.1X45 anterior a 12.1X45-D30, 12.1X46 anterior a 12.1X46-D25, y 12.1X47 ante... • http://www.securitytracker.com/id/1031007 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2014-3815
https://notcve.org/view.php?id=CVE-2014-3815
11 Jul 2014 — Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. Juniper Junos 12.1X46 anterior a 12.1X46-D20 y 12.1X47 anterior a 12.1X47-D10 en dispositivos de la serie SRX permite a atacantes remotos causar una denegación de servicio (caída del demonio de flujo) a través de un paquete SIP manipulado. • http://www.securityfocus.com/bid/68551 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3817
https://notcve.org/view.php?id=CVE-2014-3817
11 Jul 2014 — Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. Juniper Junos 11.4 anterior a 11.4R12, 12.1X44 anterior a 12.1X44-D32, 12.1X45 anterior a 12.1X45-D25, 12.1X46 anterior a 12.1X46-D20 y 12.1X47 anterior a 12.1X47-D10 en dispositivos... • http://secunia.com/advisories/59136 • CWE-20: Improper Input Validation •