CVSS: 4.3EPSS: 0%CPEs: 319EXPL: 0CVE-2022-22216 – Junos OS: PTX Series and QFX10000 Series: 'Etherleak' memory disclosure in Ethernet padding data
https://notcve.org/view.php?id=CVE-2022-22216
20 Jul 2022 — An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as C... • https://kb.juniper.net/JSA69720 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 142EXPL: 1CVE-2022-22215 – Junos OS and Junos OS Evolved: /var/run/<pid>.env files are potentially not deleted during termination of a gRPC connection causing inode exhaustion
https://notcve.org/view.php?id=CVE-2022-22215
20 Jul 2022 — A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/
CVSS: 6.5EPSS: 0%CPEs: 260EXPL: 0CVE-2022-22214 – Junos OS and Junos OS Evolved: In an MPLS scenario upon receipt of a specific IPv6 packet an FPC will crash
https://notcve.org/view.php?id=CVE-2022-22214
20 Jul 2022 — An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All ver... • https://kb.juniper.net/JSA69718 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 156EXPL: 1CVE-2022-22202 – Junos OS: PTX Series: FPCs may restart unexpectedly upon receipt of specific MPLS packets with certain multi-unit interface configurations
https://notcve.org/view.php?id=CVE-2022-22202
20 Jul 2022 — An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to restart. On affected PTX Series devices, processing specific MPLS packets received on an interface with multiple units configured may cause FPC to restart unexpe... • https://kb.juniper.net/JSA69706 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 156EXPL: 0CVE-2022-22197 – Junos OS and Junos OS Evolved: An rpd core will be observed with proxy BGP route-target filtering enabled and certain route add and delete event happening
https://notcve.org/view.php?id=CVE-2022-22197
14 Apr 2022 — An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17... • https://kb.juniper.net/JSA69511 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 6.5EPSS: 0%CPEs: 209EXPL: 0CVE-2022-22191 – Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic
https://notcve.org/view.php?id=CVE-2022-22191
14 Apr 2022 — A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) ma... • https://kb.juniper.net/JSA69502 • CWE-400: Uncontrolled Resource Consumption CWE-410: Insufficient Resource Pool •
CVSS: 7.2EPSS: 0%CPEs: 124EXPL: 0CVE-2022-22186 – Junos OS: EX4650 Series: Certain traffic received by the Junos OS device on the management interface may be forwarded to egress interfaces instead of discarded
https://notcve.org/view.php?id=CVE-2022-22186
14 Apr 2022 — Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior... • https://kb.juniper.net/JSA69494 • CWE-665: Improper Initialization •
CVSS: 8.8EPSS: 0%CPEs: 213EXPL: 0CVE-2022-22182 – Junos OS: A XSS vulnerability allows an attacker to execute commands on a target J-Web session
https://notcve.org/view.php?id=CVE-2022-22182
14 Apr 2022 — A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior ... • https://kb.juniper.net/JSA69519 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 142EXPL: 0CVE-2022-22181 – Junos OS: J-Web can be compromised through reflected XSS attacks
https://notcve.org/view.php?id=CVE-2022-22181
14 Apr 2022 — A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versi... • https://kb.juniper.net/JSA69517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 166EXPL: 0CVE-2021-25220 – DNS forwarders - cache poisoning vulnerability
https://notcve.org/view.php?id=CVE-2021-25220
17 Mar 2022 — BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. BIND versiones 9.11... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •