Juniper Junos_space
39 CVEs affecting Juniper Junos_space. Latest disclosed: 2017-10-13. Critical: 3, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-10622 | Critical | 9.8 | 2017-10-13 | An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to… |
CVE-2016-1265 | Critical | 9.8 | 2017-10-13 | A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos… |
CVE-2016-4926 | Critical | 9.8 | 2017-03-20 | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform ce… |
CVE-2017-2306 | High | 8.8 | 2017-05-30 | On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web inte… |
CVE-2017-2305 | High | 8.8 | 2017-05-30 | On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web inte… |
CVE-2016-4929 | High | 8.8 | 2017-03-20 | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. |
CVE-2016-4928 | High | 8.8 | 2017-03-20 | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. |
CVE-2016-4927 | High | 8.1 | 2017-03-20 | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with man… |
CVE-2017-10612 | High | 8.0 | 2017-10-13 | A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or… |
CVE-2017-10624 | High | 7.5 | 2017-10-13 | Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modification… |
CVE-2017-10623 | High | 7.1 | 2017-10-13 | Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, injec… |
CVE-2017-2308 | Medium | 6.5 | 2017-05-30 | An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files… |
CVE-2016-4931 | Medium | 6.5 | 2017-03-20 | XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. |
CVE-2017-2307 | Medium | 6.1 | 2017-05-30 | A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attack… |
CVE-2016-4930 | Medium | 6.1 | 2017-03-20 | Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative… |
CVE-2017-2309 | Medium | 5.9 | 2017-05-30 | On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web serv… |
CVE-2017-2311 | Medium | 5.3 | 2017-05-30 | On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a deni… |
CVE-2017-2310 | Medium | 5.3 | 2017-05-30 | A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, represe… |
CVE-2015-2620 | | 2015-07-16 | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unkn… | |
CVE-2015-3209 | | 2015-06-15 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set… |