Page 96 of 527 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0

Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Dynamic VPN en Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D30, 12.1X47 anterior a 12.1X47-D20, y 12.3X48 anterior a 12.3X48-D10 en los dispositivos de la serie SRX permite a atacantes remotos inyectar secuencias de comandos arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/74016 http://www.securitytracker.com/id/1032089 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 46EXPL: 0

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D30, 12.1X47 anterior a 12.1X47-D20, 12.3 anterior a 12.3R9, 12.3X48 anterior a 12.3X48-D10, 13.2 anterior a 13.2R6, 13.3 anterior a 13.3R5, 14.1 anterior a 14.1R3, y 14.2 anterior a 14.2R1 permite a usuarios locales ganar privilegios a través de combinaciones manipuladas de comandos y argumentos CLI. • http://www.securityfocus.com/bid/74023 http://www.securitytracker.com/id/1032092 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10674 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 34EXPL: 0

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. Juniper Junos 12.1X44 anterior a 12.1X44-D45, 12.1X46 anterior a 12.1X46-D30, 12.1X47 anterior a 12.1X47-D15, y 12.3X48 anterior a 12.3X48-D10 en los dispositivos de la serie SRX no fuerza correctamente la característica cerrar al desconectar cuando configurada en la estrofa [system port console], lo que permite a atacantes físicamente próximos reconectar con el puerto de la consola y ganar el acceso administrativo mediante el aprovechamiento del acceso al dispositivo. • http://www.securityfocus.com/bid/74019 http://www.securitytracker.com/id/1032091 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10672 • CWE-17: DEPRECATED: Code •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0

J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. J-Web en Juniper Junos 11.4 anterior a 11.4R12, 12.1X44 anterior a 12.1X44-D35, 12.1X46 anterior a 12.1X46-D25, 12.1X47 anterior a 12.1X47-D10, 12.3X48 anterior a 12.3X48-D10, 12.2 anterior a 12.2R9, 12.3 anterior a 12.3R7, 13.2 anterior a 13.2R6, 13.2X51 anterior a 13.2X51-D20, 13.3 anterior a 13.3R5, 14.1 anterior a 14.1R3, 14.1X53 anterior a 14.1X53-D10, y 14.2 anterior a 14.2R1 permite a atacantes remotos realizar ataques de clickjacking a través de una cabecera X-Frame-Options. • http://www.securityfocus.com/bid/74017 http://www.securitytracker.com/id/1032090 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10675 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 4%CPEs: 460EXPL: 3

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerability. • http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Apr/19 http://seclists.org/fulldisclosure/2015/Mar/158 http://www.openwall.com/lists/oss-security/2015/03/28/2 http://www.openwall.com/lists/oss-security/2015/04/06/2 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/archive/1/535028/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/5 • CWE-476: NULL Pointer Dereference •