Filtered by vendor Juniper
Subscribe
Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59993 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59994 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59983 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59984 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in Global Search that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59985 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in a field on the Purging Policy page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59986 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59987 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59988 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59968 | 1 Juniper | 19 Space Security Director, Srx1500, Srx1600 and 16 more | 2026-01-23 | N/A | 8.6 HIGH |
| A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices. | |||||
| CVE-2025-59974 | 1 Juniper | 1 Space Security Director | 2026-01-23 | N/A | 8.4 HIGH |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access affected pages.This issue affects Juniper Security Director: * All versions before 24.1R4. | |||||
| CVE-2025-59976 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.5 MEDIUM |
| An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3. | |||||
| CVE-2025-59978 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 9.0 CRITICAL |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions. This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59981 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2025-59982 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | |||||
| CVE-2026-21917 | 1 Juniper | 18 Junos, Srx1500, Srx1600 and 15 more | 2026-01-23 | N/A | 7.5 HIGH |
| An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5, * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available. | |||||
| CVE-2026-21918 | 1 Juniper | 28 Junos, Mx10004, Mx10008 and 25 more | 2026-01-23 | N/A | 7.5 HIGH |
| A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. | |||||
| CVE-2026-21914 | 1 Juniper | 18 Junos, Srx1500, Srx1600 and 15 more | 2026-01-23 | N/A | 7.5 HIGH |
| An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects Junos OS on SRX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S1, 25.2R2. | |||||
| CVE-2026-21913 | 1 Juniper | 4 Ex4000-48mp, Ex4000-48p, Ex4000-48t and 1 more | 2026-01-23 | N/A | 7.5 HIGH |
| An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message: reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP: * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1. | |||||
| CVE-2026-21909 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-23 | N/A | 6.5 MEDIUM |
| A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition. Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra TED-INFRA-COOKIE 25 1072 28 1184 229 user@junos> show task memory detail | match ted-infra TED-INFRA-COOKIE 31 1360 34 1472 307 This issue affects: Junos OS: * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.1 before 24.1R2; Junos OS Evolved: * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, * from 24.1 before 24.1R2-EVO. This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO. | |||||
| CVE-2026-21908 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-23 | N/A | 7.1 HIGH |
| A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects: Junos OS: * from 23.2R2-S1 before 23.2R2-S5, * from 23.4R2 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S1, * from 25.2 before 25.2R1-S2, 25.2R2; Junos OS Evolved: * from 23.2R2-S1 before 23.2R2-S5-EVO, * from 23.4R2 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S3-EVO, * from 24.4 before 24.4R2-S1-EVO, * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO. | |||||