CVSS: 8.8EPSS: 0%CPEs: 193EXPL: 0CVE-2024-21620 – Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS
https://notcve.org/view.php?id=CVE-2024-21620
25 Jan 2024 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series... • https://supportportal.juniper.net/JSA76390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2024-21619 – Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information
https://notcve.org/view.php?id=CVE-2024-21619
25 Jan 2024 — A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such ... • https://supportportal.juniper.net/JSA76390 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 93EXPL: 0CVE-2023-44203 – Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will occur when IGMP traffic is sent to an isolated VLAN
https://notcve.org/view.php?id=CVE-2023-44203
12 Oct 2023 — An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3... • https://supportportal.juniper.net/JSA73169 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 34%CPEs: 153EXPL: 0CVE-2023-36851 – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-36851
26 Sep 2023 — A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS o... • https://supportportal.juniper.net/JSA72300 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 94%CPEs: 277EXPL: 25CVE-2023-36845 – Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-36845
17 Aug 2023 — A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions ... • https://packetstorm.news/files/id/176969 • CWE-473: PHP External Variable Modification •
CVSS: 5.3EPSS: 93%CPEs: 158EXPL: 6CVE-2023-36844 – Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-36844
17 Aug 2023 — A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * ... • https://packetstorm.news/files/id/174865 • CWE-473: PHP External Variable Modification •
CVSS: 5.3EPSS: 93%CPEs: 152EXPL: 1CVE-2023-36847 – Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-36847
17 Aug 2023 — A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos ... • https://packetstorm.news/files/id/174397 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 184EXPL: 0CVE-2022-22234 – Junos OS: EX2300 and EX3400 Series: One of more SFPs might become unavailable when the system is very busy
https://notcve.org/view.php?id=CVE-2022-22234
18 Oct 2022 — An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a part... • https://kb.juniper.net/JSA69890 • CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State •
CVSS: 7.5EPSS: 0%CPEs: 138EXPL: 0CVE-2022-22180 – Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets
https://notcve.org/view.php?id=CVE-2022-22180
19 Jan 2022 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep ... • https://kb.juniper.net/JSA11286 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 459EXPL: 2CVE-2018-15504
https://notcve.org/view.php?id=CVE-2018-15504
18 Aug 2018 — An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una de... • https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef • CWE-476: NULL Pointer Dereference •