Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2018-0047

    A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different... Read more

    Affected Products : junos_space junos_space
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0046

    A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affec... Read more

    Affected Products : junos_space
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0045

    Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx650 ex2300 ex3400 srx1500 srx240m +13 more products
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0044

    An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords ... Read more

    Affected Products : junos nfx250 nfx150
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0043

    Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sust... Read more

    Affected Products : junos srx5600 srx5800 ex2200 ex2200-c ex2300 ex2300-c ex3200 ex3300 ex3400 +38 more products
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0042

    Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0041

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0040

    Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0039

    Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit oth... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0038

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.... Read more

    Affected Products : contrail_service_orchestration
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0037

    Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the ... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0035

    QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Op... Read more

    Affected Products : junos qfx10002 qfx5200
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-0034

    A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +46 more products
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0032

    The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific ve... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-0031

    Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. ... Read more

    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0030

    Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-0029

    While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both ... Read more

    Affected Products : junos ex2300 ex3400 qfx5200 qfx5110 nfx250
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0027

    Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an inter... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0026

    After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, ... Read more

    Affected Products : junos
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-0025

    When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS req... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +11 more products
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293589 Results