Total
78 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21907 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 5.9 MEDIUM |
|
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5.
|
|||||
| CVE-2024-39563 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 7.3 HIGH |
|
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device.
A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can explo ...
Show More |
|||||
| CVE-2025-60009 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the
CLI Configlet
page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-60001 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-60002 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59995 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59996 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59997 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59998 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59999 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-60000 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59989 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59990 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the template creation pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59991 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59992 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59993 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59994 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59983 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59984 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in Global Search that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59985 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in a field on the Purging Policy page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59986 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59987 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59988 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59976 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.5 MEDIUM |
|
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.
|
|||||
| CVE-2025-59978 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 9.0 CRITICAL |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions.
This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59981 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59982 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 6.1 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
|
|||||
| CVE-2025-59975 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 7.5 HIGH |
|
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).
After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management in ...
Show More |
|||||
| CVE-2017-2310 | 1 Juniper | 1 Junos Space | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.
|
|||||
| CVE-2016-4926 | 1 Juniper | 1 Junos Space | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
|
|||||
| CVE-2016-4929 | 1 Juniper | 1 Junos Space | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
|
|||||
| CVE-2017-10622 | 1 Juniper | 1 Junos Space | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
|
|||||
| CVE-2017-10623 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.8 MEDIUM | 7.1 HIGH |
|
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
|
|||||
| CVE-2017-2306 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
|
|||||
| CVE-2016-4931 | 1 Juniper | 1 Junos Space | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
|
|||||
| CVE-2017-2305 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
|
|||||
| CVE-2016-4930 | 1 Juniper | 1 Junos Space | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.
|
|||||
| CVE-2016-4928 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
|
|||||
| CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
|
|||||
| CVE-2017-2308 | 1 Juniper | 1 Junos Space | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
|
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
|
|||||