Juniper Ex4650
47 CVEs affecting Juniper Ex4650. Latest disclosed: 2026-04-09. Critical: 3, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-0211 | Critical | 10.0 | 2021-01-15 | An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attac… |
CVE-2019-0008 | Critical | 9.8 | 2019-04-10 | A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process o… |
CVE-2019-0006 | Critical | 9.8 | 2019-01-15 | A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, Q… |
CVE-2024-39565 | High | 8.8 | 2024-07-10 | An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthe… |
CVE-2024-21620 | High | 8.8 | 2024-01-25 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and E… |
CVE-2021-0275 | High | 8.8 | 2021-04-22 | A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to… |
CVE-2018-0043 | High | 8.8 | 2018-10-10 | Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuousl… |
CVE-2021-0203 | High | 8.6 | 2021-01-15 | On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not tak… |
CVE-2020-1613 | High | 8.6 | 2020-04-08 | A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specif… |
CVE-2022-22221 | High | 7.8 | 2022-07-20 | An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally… |
CVE-2024-47497 | High | 7.5 | 2024-10-11 | An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series a… |
CVE-2023-44191 | High | 7.5 | 2023-10-13 | An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause… |
CVE-2022-22188 | High | 7.5 | 2022-04-14 | An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allo… |
CVE-2022-22174 | High | 7.5 | 2022-01-19 | A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be fre… |
CVE-2021-0285 | High | 7.5 | 2021-07-15 | An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large a… |
CVE-2021-0261 | High | 7.5 | 2021-04-22 | A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Ca… |
CVE-2020-1607 | High | 7.5 | 2020-01-15 | Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-We… |
CVE-2019-0062 | High | 7.5 | 2019-10-09 | A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web s… |
CVE-2019-0043 | High | 7.5 | 2019-04-10 | In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a spe… |
CVE-2018-15504 | High | 7.5 | 2018-08-18 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which r… |