Skip to main content

Junos Os Evolved

227 CVEs product

Monthly

CVE-2026-33801 HIGH PATCH This Week

Remote denial-of-service in Juniper Networks Junos OS and Junos OS Evolved 25.2 (before 25.2R2 / 25.2R2-EVO) lets an adjacent, unauthenticated BGP peer crash the routing protocol daemon (RPD) by sending a single malformed non-inet/inet6 unicast BGP update over an already-established session. The RPD crash-and-restart produces a full routing outage until reconvergence completes, though the crash occurs before the update is readvertised so there is no downstream propagation to other routers. CVSS 4.0 base score is 7.1; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Juniper Denial Of Service Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-33799 MEDIUM PATCH This Month

Memory exhaustion in Juniper Networks Junos OS and Junos OS Evolved snmpd allows an authenticated network attacker to crash SNMP monitoring by sending specific valid SNMPv3 queries that trigger an out-of-bounds write and progressive memory leak. The snmpd process will exhaust available memory over time, crash, and restart, rendering SNMP-based network monitoring unavailable for the duration of each crash cycle. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, the CVSS 4.0 supplemental metric AU:Y indicates the attack is automatable.

Memory Corruption Juniper Buffer Overflow Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2026-33794 HIGH PATCH This Week

Denial-of-service in Juniper Junos OS Evolved on PTX Series routers lets an unauthenticated network attacker crash the advanced forwarding toolkit process (evo-aftmand) on the Packet Forwarding Engine by driving continuous routing updates that produce unified-list (unilist) ECMP routes. The resulting internal state corruption generates an evo-aftmand-bx core and halts forwarding, requiring a manual FPC restart or system reboot to recover. No public exploit identified at time of analysis; the vendor (Juniper SIRT) notes successful exploitation depends on a sequence of events outside the attacker's direct control, so this is a high-CVSS availability issue rather than a trivially reproducible one.

Juniper Denial Of Service Junos Os Evolved
NVD VulDB
CVSS 4.0
8.2
EPSS
0.4%
CVE-2026-57029 MEDIUM PATCH This Month

Traffic forwarding on Juniper QFX Series switches running Junos OS Evolved can be fully disrupted by an adjacent, unauthenticated attacker exploiting a race condition in the sFlow collector handler. When sFlow collector reachability changes trigger a next-hop entry update concurrently with the sFlow thread reading that same next-hop data, the evo-pfemand process crashes and all packet forwarding halts until the process automatically restarts. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis, but the availability impact is severe for any network segment relying on the affected switch.

Juniper Denial Of Service Junos Os Evolved
NVD VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-57028 MEDIUM PATCH This Month

License exhaustion in Juniper Networks Junos OS Evolved lets an unauthenticated, network-based attacker reach the device's license-management process, which was intended to be internal-only but is exposed on an open network port due to incorrect initialization. All Junos OS Evolved releases before 23.2R2-EVO are affected. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a credible network-facing denial-of-service risk to affected routing/switching platforms.

Authentication Bypass Juniper Junos Os Evolved
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-57025 MEDIUM PATCH This Month

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a local, low-privileged attacker to crash the l2ald (Layer 2 Address Learning Daemon) by issuing a specific 'show l2-learning' CLI command, disrupting all Layer 2 services until the process automatically restarts. The root cause is a Return of Pointer Value Outside of Expected Range flaw (CWE-466) in the fileio library. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA or the vendor.

Juniper Denial Of Service Junos Os Junos Os Evolved
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-33803 MEDIUM PATCH This Month

Junos OS Evolved exposes an internal communication process to the network via an unintended open port due to incorrect initialization, enabling unauthenticated remote attackers to interact with a service never designed for external access. Affected Juniper devices suffer limited information disclosure and elevated CPU consumption as the misbound process handles unsolicited ingress packets - a soft availability degradation rather than a crash. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated network vector across a broad version range warrants prompt patching on internet-facing routing infrastructure.

Juniper Information Disclosure Junos Os Evolved
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-33788 HIGH PATCH This Week

Local privilege escalation in Juniper Networks Junos OS Evolved on PTX Series routers allows authenticated users with low privileges to gain high-privileged direct access to Flexible PIC Concentrators (FPCs), enabling potential full compromise of affected line cards. Impacts PTX10004, PTX10008, PTX10016 with JNP10K-LC1201 or JNP10K-LC1202 line cards across multiple firmware branches. Missing authentication on critical FPC management functions permits unauthorized privilege elevation. No public exploit identified at time of analysis.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-21921 MEDIUM This Month

Repeated telemetry collector subscriptions in Juniper Junos OS and Junos OS Evolved trigger a use-after-free vulnerability in the chassis daemon, allowing authenticated network attackers to crash critical processes and cause denial of service. Affected versions prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2 are vulnerable when telemetry-capable daemons experience continuous sensor subscription cycles. No patch is currently available, leaving affected systems exposed until updates are released.

Juniper Use After Free Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21911 MEDIUM This Month

MAC learning failures in Juniper Junos OS Evolved's Layer 2 Control Protocol Daemon can be triggered by a network-adjacent attacker who repeatedly toggles the management interface, causing label-switched interface MAC address learning to halt while generating excessive logs and consuming high CPU resources. This calculation error (CWE-682) affects availability through denial of service and currently has no available patch. The attack requires network adjacency but no authentication or user interaction.

Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21909 MEDIUM This Month

Denial of service in Juniper Junos OS and Junos OS Evolved allows an adjacent IS-IS neighbor to trigger a memory leak in the routing protocol daemon by sending specially crafted update packets. Repeated exploitation exhausts available memory and crashes the rpd process, rendering routing unavailable. No patch is currently available.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21908 HIGH This Week

Juniper Junos OS and Junos OS Evolved contain a use-after-free vulnerability in the 802.1X authentication daemon that allows authenticated, network-adjacent attackers to crash the process or achieve arbitrary code execution as root by triggering specific port state changes. Exploitation requires precise timing of a change-of-authorization event during port transitions, making reliable exploitation difficult but possible. Systems with 802.1X port-based network access control enabled are affected, and no patch is currently available.

Juniper Use After Free Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-60011 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these...

Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-60003 HIGH This Week

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). [CVSS 7.5 HIGH]

Juniper Buffer Overflow Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59961 MEDIUM This Month

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control...

Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59960 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a speci...

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-59959 MEDIUM This Month

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-52989 MEDIUM PATCH This Month

A security vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-52988 MEDIUM PATCH This Month

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S6, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S6-EVO, * 23.2-EVO versions before 23.2R2-S1-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Juniper Command Injection Junos Junos Os Evolved
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-52986 MEDIUM PATCH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO,  * 24.4-EVO versions before 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-52985 MEDIUM PATCH This Month

CVE-2025-52985 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52984 MEDIUM PATCH This Month

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.

Juniper Null Pointer Dereference Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-52964 MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52958 MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario. Continued session establishment failures leads to a sustained DoS condition.  This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * All versions before 22.2R3-S6-EVO, * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52955 MEDIUM PATCH This Month

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash.  When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart.  Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved:  * All versions of 21.2-EVO,  * All versions of 21.4-EVO,  * All versions of 22.2-EVO,  * from 22.4 before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S4-EVO,  * from 24.2 before 24.2R2-EVO.

Denial Of Service Juniper Buffer Overflow Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52954 HIGH PATCH This Week

A command injection vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-52953 MEDIUM PATCH This Month

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52949 MEDIUM PATCH This Month

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects: Junos OS:  * all versions before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S3, 24.4R2;  Junos OS Evolved:  * all versions before 22.2R3-S7-EVO,  * from 22.4-EVO before 22.4R3-S7-EVO,  * from 23.2-EVO before 23.2R2-S4-EVO,  * from 23.4-EVO before 23.4R2-S5-EVO,  * from 24.2-EVO before 24.2R2-S1-EVO,  * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52946 HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5) that allows an attacker sending a bgp update with a specifically malformed as path. High severity vulnerability requiring prompt remediation.

Juniper Use After Free Denial Of Service BGP Junos Os Evolved +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-30655 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-30654 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-30653 MEDIUM This Month

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-30652 MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-30651 HIGH This Week

A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-30648 HIGH This Week

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-30646 HIGH This Week

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21597 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2025-21595 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-39564 HIGH This Month

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-21598 HIGH This Month

An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
8.2
EPSS
0.6%
CVE-2025-21602 HIGH This Month

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21600 HIGH This Month

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Juniper Junos +1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21599 HIGH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-21593 HIGH This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-47509 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47508 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47507 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47505 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47502 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47499 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47498 HIGH This Week

An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-47495 HIGH This Week

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-47491 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.6%
CVE-2024-47490 HIGH This Week

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.7
EPSS
0.6%
CVE-2024-47489 MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-39544 MEDIUM This Month

An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files,. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Os Evolved
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-39534 MEDIUM This Month

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-39526 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards,. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-39525 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39516 HIGH This Week

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper Denial Of Service Junos +1
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39515 HIGH This Week

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39553 MEDIUM POC This Month

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-39552 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-39549 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39548 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-39546 HIGH This Week

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Juniper Junos Os Evolved
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-39543 HIGH This Week

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39542 HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39541 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39538 HIGH This Week

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39537 MEDIUM This Month

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-39536 MEDIUM This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-39535 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39532 MEDIUM This Month

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-39531 HIGH This Week

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39528 MEDIUM This Month

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos +1
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-39524 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39523 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39522 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39521 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39520 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39519 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-39562 HIGH This Week

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39560 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-39559 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-39558 HIGH This Week

An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39557 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-39556 HIGH This Week

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a. Rated high severity (CVSS 7.1). No vendor patch available.

Juniper Buffer Overflow Stack Overflow RCE Denial Of Service +2
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-39555 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39554 HIGH This Week

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.4%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Remote denial-of-service in Juniper Networks Junos OS and Junos OS Evolved 25.2 (before 25.2R2 / 25.2R2-EVO) lets an adjacent, unauthenticated BGP peer crash the routing protocol daemon (RPD) by sending a single malformed non-inet/inet6 unicast BGP update over an already-established session. The RPD crash-and-restart produces a full routing outage until reconvergence completes, though the crash occurs before the update is readvertised so there is no downstream propagation to other routers. CVSS 4.0 base score is 7.1; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Juniper Denial Of Service Junos +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory exhaustion in Juniper Networks Junos OS and Junos OS Evolved snmpd allows an authenticated network attacker to crash SNMP monitoring by sending specific valid SNMPv3 queries that trigger an out-of-bounds write and progressive memory leak. The snmpd process will exhaust available memory over time, crash, and restart, rendering SNMP-based network monitoring unavailable for the duration of each crash cycle. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, the CVSS 4.0 supplemental metric AU:Y indicates the attack is automatable.

Memory Corruption Juniper Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial-of-service in Juniper Junos OS Evolved on PTX Series routers lets an unauthenticated network attacker crash the advanced forwarding toolkit process (evo-aftmand) on the Packet Forwarding Engine by driving continuous routing updates that produce unified-list (unilist) ECMP routes. The resulting internal state corruption generates an evo-aftmand-bx core and halts forwarding, requiring a manual FPC restart or system reboot to recover. No public exploit identified at time of analysis; the vendor (Juniper SIRT) notes successful exploitation depends on a sequence of events outside the attacker's direct control, so this is a high-CVSS availability issue rather than a trivially reproducible one.

Juniper Denial Of Service Junos Os Evolved
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Traffic forwarding on Juniper QFX Series switches running Junos OS Evolved can be fully disrupted by an adjacent, unauthenticated attacker exploiting a race condition in the sFlow collector handler. When sFlow collector reachability changes trigger a next-hop entry update concurrently with the sFlow thread reading that same next-hop data, the evo-pfemand process crashes and all packet forwarding halts until the process automatically restarts. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis, but the availability impact is severe for any network segment relying on the affected switch.

Juniper Denial Of Service Junos Os Evolved
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

License exhaustion in Juniper Networks Junos OS Evolved lets an unauthenticated, network-based attacker reach the device's license-management process, which was intended to be internal-only but is exposed on an open network port due to incorrect initialization. All Junos OS Evolved releases before 23.2R2-EVO are affected. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a credible network-facing denial-of-service risk to affected routing/switching platforms.

Authentication Bypass Juniper Junos Os Evolved
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a local, low-privileged attacker to crash the l2ald (Layer 2 Address Learning Daemon) by issuing a specific 'show l2-learning' CLI command, disrupting all Layer 2 services until the process automatically restarts. The root cause is a Return of Pointer Value Outside of Expected Range flaw (CWE-466) in the fileio library. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA or the vendor.

Juniper Denial Of Service Junos Os +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Junos OS Evolved exposes an internal communication process to the network via an unintended open port due to incorrect initialization, enabling unauthenticated remote attackers to interact with a service never designed for external access. Affected Juniper devices suffer limited information disclosure and elevated CPU consumption as the misbound process handles unsolicited ingress packets - a soft availability degradation rather than a crash. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated network vector across a broad version range warrants prompt patching on internet-facing routing infrastructure.

Juniper Information Disclosure Junos Os Evolved
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in Juniper Networks Junos OS Evolved on PTX Series routers allows authenticated users with low privileges to gain high-privileged direct access to Flexible PIC Concentrators (FPCs), enabling potential full compromise of affected line cards. Impacts PTX10004, PTX10008, PTX10016 with JNP10K-LC1201 or JNP10K-LC1202 line cards across multiple firmware branches. Missing authentication on critical FPC management functions permits unauthorized privilege elevation. No public exploit identified at time of analysis.

Authentication Bypass Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Repeated telemetry collector subscriptions in Juniper Junos OS and Junos OS Evolved trigger a use-after-free vulnerability in the chassis daemon, allowing authenticated network attackers to crash critical processes and cause denial of service. Affected versions prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2 are vulnerable when telemetry-capable daemons experience continuous sensor subscription cycles. No patch is currently available, leaving affected systems exposed until updates are released.

Juniper Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

MAC learning failures in Juniper Junos OS Evolved's Layer 2 Control Protocol Daemon can be triggered by a network-adjacent attacker who repeatedly toggles the management interface, causing label-switched interface MAC address learning to halt while generating excessive logs and consuming high CPU resources. This calculation error (CWE-682) affects availability through denial of service and currently has no available patch. The attack requires network adjacency but no authentication or user interaction.

Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Juniper Junos OS and Junos OS Evolved allows an adjacent IS-IS neighbor to trigger a memory leak in the routing protocol daemon by sending specially crafted update packets. Repeated exploitation exhausts available memory and crashes the rpd process, rendering routing unavailable. No patch is currently available.

Juniper Denial Of Service Junos Os Evolved +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Juniper Junos OS and Junos OS Evolved contain a use-after-free vulnerability in the 802.1X authentication daemon that allows authenticated, network-adjacent attackers to crash the process or achieve arbitrary code execution as root by triggering specific port state changes. Exploitation requires precise timing of a change-of-authorization event during port transitions, making reliable exploitation difficult but possible. Systems with 802.1X port-based network access control enabled are affected, and no patch is currently available.

Juniper Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these...

Juniper Junos Junos Os Evolved
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). [CVSS 7.5 HIGH]

Juniper Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control...

Juniper Junos Junos Os Evolved
NVD
EPSS 0% CVSS 7.4
HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a speci...

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A security vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Juniper Junos +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S6, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S6-EVO, * 23.2-EVO versions before 23.2R2-S1-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Juniper Command Injection Junos +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO,  * 24.4-EVO versions before 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2025-52985 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Juniper Authentication Bypass Junos Os Evolved
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.

Juniper Null Pointer Dereference Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario. Continued session establishment failures leads to a sustained DoS condition.  This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * All versions before 22.2R3-S6-EVO, * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.

Juniper Denial Of Service Junos Os Evolved +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash.  When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart.  Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved:  * All versions of 21.2-EVO,  * All versions of 21.4-EVO,  * All versions of 22.2-EVO,  * from 22.4 before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S4-EVO,  * from 24.2 before 24.2R2-EVO.

Denial Of Service Juniper Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A command injection vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Juniper Information Disclosure Junos Os Evolved
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects: Junos OS:  * all versions before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S3, 24.4R2;  Junos OS Evolved:  * all versions before 22.2R3-S7-EVO,  * from 22.4-EVO before 22.4R3-S7-EVO,  * from 23.2-EVO before 23.2R2-S4-EVO,  * from 23.4-EVO before 23.4R2-S5-EVO,  * from 24.2-EVO before 24.2R2-S1-EVO,  * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5) that allows an attacker sending a bgp update with a specifically malformed as path. High severity vulnerability requiring prompt remediation.

Juniper Use After Free Denial Of Service +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos +1
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 8.7
HIGH This Month

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 1% CVSS 8.2
HIGH This Month

An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Month

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Month

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +3
NVD
EPSS 0% CVSS 8.7
HIGH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 1% CVSS 8.7
HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 1% CVSS 8.7
HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
EPSS 1% CVSS 8.2
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 1% CVSS 7.7
HIGH This Week

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files,. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Os Evolved
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards,. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper +3
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Juniper Denial Of Service +1
NVD
EPSS 1% CVSS 8.7
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Juniper +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service +2
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service +3
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.7
HIGH This Week

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a. Rated high severity (CVSS 7.1). No vendor patch available.

Juniper Buffer Overflow Stack Overflow +4
NVD
EPSS 1% CVSS 8.7
HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Juniper Denial Of Service +2
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy