Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Junos
(Juniper)| Repositories |
• https://github.com/embedthis/appweb
• https://github.com/jquery/jquery-ui |
| #Vulnerabilities | 610 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-07-11 | CVE-2013-4685 | Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100. | Junos, Srx100, Srx110, Srx1400, Srx210, Srx220, Srx240, Srx3400, Srx3600, Srx550, Srx5600, Srx5800, Srx650 | N/A | ||
| 2013-07-11 | CVE-2013-4684 | flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. | Junos, Srx100, Srx110, Srx1400, Srx210, Srx220, Srx240, Srx3400, Srx3600, Srx550, Srx5600, Srx5800, Srx650 | N/A | ||
| 2009-09-30 | CVE-2009-3487 | Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or... | Junos | N/A | ||
| 2009-09-30 | CVE-2009-3486 | Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the... | Junos | N/A | ||
| 2009-09-30 | CVE-2009-3485 | Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. | Junos | N/A | ||
| 2007-12-15 | CVE-2007-6372 | Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | Junos | N/A | ||
| 2006-07-11 | CVE-2006-3529 | Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. | Junos | N/A | ||
| 2004-12-06 | CVE-2004-0468 | Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. | Junos | N/A | ||
| 2004-12-31 | CVE-2004-0467 | Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed. | Junos | N/A | ||
| 2004-08-18 | CVE-2004-0230 | TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | Junos, Network_data_loss_prevention, Netbsd, Openpgp, Solaris, Openserver, Unixware | N/A |