CVSS: 8.8EPSS: 0%CPEs: 193EXPL: 0CVE-2024-21620 – Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS
https://notcve.org/view.php?id=CVE-2024-21620
25 Jan 2024 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series... • https://supportportal.juniper.net/JSA76390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2024-21619 – Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information
https://notcve.org/view.php?id=CVE-2024-21619
25 Jan 2024 — A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such ... • https://supportportal.juniper.net/JSA76390 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 0CVE-2023-44191 – Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN due to PFE hogging
https://notcve.org/view.php?id=CVE-2023-44191
12 Oct 2023 — An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 ver... • https://supportportal.juniper.net/JSA73155 • CWE-770: Allocation of Resources Without Limits or Throttling •