Skip to main content

Junos Space

52 CVEs product

Monthly

CVE-2026-21904 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Juniper Networks Junos Space allows unauthenticated remote attackers to inject malicious script tags into the list filter field, which execute with the permissions of any user who views the affected page, including administrators. All versions before 24.1R5 Patch V3 are vulnerable. No public exploit code or active exploitation has been identified at time of analysis.

XSS Juniper Junos Space
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-21907 MEDIUM This Month

Junos Space versions up to 24.1 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

Juniper TLS Junos Space
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-39563 MEDIUM This Month

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos Space
NVD
CVSS 4.0
6.9
EPSS
1.3%
CVE-2021-0220 MEDIUM This Month

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Juniper Junos Space
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2020-1611 MEDIUM This Month

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-0017 HIGH This Week

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper File Upload Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-0016 MEDIUM This Month

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-0047 MEDIUM This Month

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-0046 MEDIUM PATCH This Month

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Juniper Junos Space
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-0013 MEDIUM PATCH This Month

A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Juniper Junos Space
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-0012 HIGH This Week

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Space
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0011 MEDIUM PATCH This Month

A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Juniper Junos Space
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-0010 MEDIUM PATCH This Month

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Juniper Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-10624 HIGH This Week

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-10623 HIGH This Week

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2017-10622 CRITICAL Act Now

An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5% and no vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2017-10612 HIGH This Week

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
CVSS 3.0
8.0
EPSS
0.4%
CVE-2016-1265 CRITICAL Act Now

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Juniper CSRF Information Disclosure Command Injection +1
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-2311 MEDIUM This Month

On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Space
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-2310 MEDIUM This Month

A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-2309 MEDIUM This Month

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-2308 MEDIUM This Month

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Juniper Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-2307 MEDIUM This Month

A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-2306 HIGH This Week

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-2305 HIGH This Week

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Privilege Escalation Junos Space
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-4931 MEDIUM This Month

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Juniper Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-4930 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4929 HIGH This Week

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Juniper Command Injection Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2016-4928 HIGH This Week

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Juniper Junos Space
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-4927 HIGH This Week

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-4926 CRITICAL Act Now

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2015-2620 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Debian Linux Solaris +3
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-3209 HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE Qemu Junos Space +16
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-0501 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Junos Space MySQL Debian Linux +11
NVD
CVSS 2.0
5.7
EPSS
1.7%
CVE-2014-6559 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space MariaDB Solaris +5
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-6500 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Junos Space MariaDB +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6496 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space Solaris MariaDB +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6495 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL Solaris Junos Space +5
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-6494 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB Solaris Junos Space +5
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-6491 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Junos Space MariaDB +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6478 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space MySQL Solaris +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3412 CRITICAL Act Now

Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space Junos Space Ja1500 Appliance Junos Space Ja2500 Appliance
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2014-2421 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Ubuntu Linux Jrockit +5
NVD VulDB
CVSS 2.0
10.0
EPSS
5.9%
CVE-2014-0460 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Jrockit Ubuntu Linux +4
NVD VulDB
CVSS 2.0
5.8
EPSS
2.6%
CVE-2014-0457 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2% and no vendor patch available.

Information Disclosure Java Oracle Jrockit Ubuntu Linux +5
NVD VulDB
CVSS 2.0
10.0
EPSS
11.2%
CVE-2014-0456 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Ubuntu Linux Jrockit +5
NVD VulDB
CVSS 2.0
10.0
EPSS
5.9%
CVE-2014-0453 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Jrockit Ubuntu Linux +5
NVD VulDB
CVSS 2.0
4.0
EPSS
2.4%
CVE-2014-0429 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Ubuntu Linux Jrockit +5
NVD VulDB
CVSS 2.0
10.0
EPSS
6.9%
CVE-2013-5097 MEDIUM PATCH This Month

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Juniper Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5096 MEDIUM This Month

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5095 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3497 MEDIUM This Month

Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate. Rated medium severity (CVSS 4.7). No vendor patch available.

Juniper Authentication Bypass Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.7
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Juniper Networks Junos Space allows unauthenticated remote attackers to inject malicious script tags into the list filter field, which execute with the permissions of any user who views the affected page, including administrators. All versions before 24.1R5 Patch V3 are vulnerable. No public exploit code or active exploitation has been identified at time of analysis.

XSS Juniper Junos Space
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Junos Space versions up to 24.1 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

Juniper TLS Junos Space
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos Space
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Juniper +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper File Upload Junos Space
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Juniper Junos Space
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Juniper Junos Space
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Space
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Juniper +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Juniper Junos Space
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
EPSS 22% CVSS 9.8
CRITICAL Act Now

An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5% and no vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Juniper CSRF +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Space
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Juniper Junos Space
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
EPSS 1% CVSS 8.8
HIGH This Week

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
EPSS 0% CVSS 8.8
HIGH This Week

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Juniper +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos Space
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Juniper Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Juniper Junos Space
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos Space
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Space
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +5
NVD
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE +18
NVD
EPSS 2% CVSS 5.7
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Junos Space +13
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space +2
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +7
NVD VulDB
EPSS 3% CVSS 5.8
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +6
NVD VulDB
EPSS 11% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2% and no vendor patch available.

Information Disclosure Java Oracle +7
NVD VulDB
EPSS 6% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +7
NVD VulDB
EPSS 2% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +7
NVD VulDB
EPSS 7% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +7
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Juniper Junos Space +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Space +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Junos Space +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate. Rated medium severity (CVSS 4.7). No vendor patch available.

Juniper Authentication Bypass Junos Space +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy