Filtered by vendor Juniper
Subscribe
Total
848 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2339 | 1 Juniper | 1 Screenos | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-2338 | 1 Juniper | 1 Screenos | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-2337 | 1 Juniper | 1 Screenos | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-2336 | 1 Juniper | 1 Screenos | 2024-11-21 | 3.5 LOW | 9.6 CRITICAL |
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-2335 | 1 Juniper | 1 Screenos | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-2334 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system. | |||||
CVE-2017-2333 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server. | |||||
CVE-2017-2332 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment. | |||||
CVE-2017-2331 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service. | |||||
CVE-2017-2330 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 4.9 MEDIUM | 6.2 MEDIUM |
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services. | |||||
CVE-2017-2329 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services. | |||||
CVE-2017-2328 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller. | |||||
CVE-2017-2327 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services. | |||||
CVE-2017-2326 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. | |||||
CVE-2017-2325 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | |||||
CVE-2017-2324 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. | |||||
CVE-2017-2323 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service. | |||||
CVE-2017-2322 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. | |||||
CVE-2017-2321 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. | |||||
CVE-2017-2320 | 1 Juniper | 1 Northstar Controller | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. |