Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2018-0051

    A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT ... Read more

    Affected Products : junos
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0050

    An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected rele... Read more

    Affected Products : junos
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0049

    A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This i... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +48 more products
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0048

    A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the syste... Read more

    Affected Products : junos
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2018-0047

    A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different... Read more

    Affected Products : junos_space junos_space
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0046

    A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affec... Read more

    Affected Products : junos_space
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0045

    Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx650 ex2300 ex3400 srx1500 srx240m +13 more products
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0044

    An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords ... Read more

    Affected Products : junos nfx250 nfx150
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0043

    Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sust... Read more

    Affected Products : junos srx5600 srx5800 ex2200 ex2200-c ex2300 ex2300-c ex3200 ex3300 ex3400 +38 more products
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0042

    Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0041

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0040

    Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0039

    Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit oth... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0038

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0037

    Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the ... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0035

    QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Op... Read more

    Affected Products : junos qfx10002 qfx5200
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-0034

    A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +46 more products
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0032

    The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific ve... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-0031

    Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. ... Read more

    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0030

    Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293496 Results