
CVE-2018-0059 – ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2018-0059
10 Oct 2018 — A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26. Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la interfaz gráfica de usuario de S... • https://kb.juniper.net/JSA10894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-3814
https://notcve.org/view.php?id=CVE-2014-3814
13 Jun 2014 — The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP. Los dispositivos Juniper Networks NetScreen Firewall con ScreenOS anterior a 6.3r17, cuando configurados para utilizar el cliente de búsqueda DNS interno, permite a atacantes remotos causar una denegación de servicio (caída y reinicio) a través de una se... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632 • CWE-20: Improper Input Validation •

CVE-2014-3813
https://notcve.org/view.php?id=CVE-2014-3813
13 Jun 2014 — Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup. Vulnerabilidad no especificada en los productos de Juniper Networks NetScreen Firewall con ScreenOS anterior a 6.3r17, cuando está configurado para utilizar el cliente de búsqueda DNS interno, permite a atacantes remotos causar una denegació... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631 •

CVE-2013-6958 – Juniper SSG20 Denial of Service
https://notcve.org/view.php?id=CVE-2013-6958
13 Dec 2013 — Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. Juniper NetScreen Firewall corriendo ScreenOS 5.4, 6.2 o 6.3, cuando la pantalla Ping of Dead está deshabilitada, permite a atacantes remotos causar una denegación de servico a través de un paquete manipulado. A special crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20. • http://jvn.jp/en/jp/JVN28436508/index.html •

CVE-2008-6096
https://notcve.org/view.php?id=CVE-2008-6096
09 Feb 2009 — Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Juniper NetScreen ScreenOS anteriores a v5.4r10, v6.0r6, y v6.1r2, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el parámetr... • http://secunia.com/advisories/32078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-2640 – Juniper NetScreen 5.0 - VPN 'Username' Enumeration
https://notcve.org/view.php?id=CVE-2005-2640
20 Aug 2005 — Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. • https://www.exploit-db.com/exploits/26168 •

CVE-2004-1446
https://notcve.org/view.php?id=CVE-2004-1446
31 Dec 2004 — Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. • http://secunia.com/advisories/12208 •

CVE-2002-1547
https://notcve.org/view.php?id=CVE-2002-1547
31 Mar 2003 — Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html •

CVE-2002-2150
https://notcve.org/view.php?id=CVE-2002-2150
31 Dec 2002 — Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. • http://www.iss.net/security_center/static/10449.php •

CVE-2002-0891
https://notcve.org/view.php?id=CVE-2002-0891
04 Oct 2002 — The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. El Interfaz web (WebUI) de NetScreen ScreenOS desde la 2.6.1r8 a la anterior a la 3.1.0r1 permite a atacantes remotos causar la Denegación de Servicios (por caida), mediante un nombre largo de usuario. • http://online.securityfocus.com/archive/1/274240 •