The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos Space

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victime.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-0032

Junos Space: information disclosure via Plaintext Password

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Plaintext Password of Junos Space, in order to obtain sensitive information.
Impacted products: Junos Space.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/04/2019.
Identifiers: CERTFR-2019-AVI-161, CVE-2019-0032, JSA10921, VIGILANCE-VUL-29010.

Description of the vulnerability

An attacker can bypass access restrictions to data via Plaintext Password of Junos Space, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2019-5739

Node Core: denial of service via Keep-alive HTTP

Synthesis of the vulnerability

An attacker can trigger a fatal error via Keep-alive HTTP of Node Core, in order to trigger a denial of service.
Impacted products: IBM i, Junos Space, Nodejs Core, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 01/03/2019.
Identifiers: CERTFR-2019-AVI-325, CVE-2019-5739, ibm10787619, JSA10951, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1173-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0818-1, VIGILANCE-VUL-28633.

Description of the vulnerability

An attacker can trigger a fatal error via Keep-alive HTTP of Node Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2019-6133

PolicyKit: privilege escalation via Start Time Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Start Time Bypass of PolicyKit, in order to escalate his privileges.
Impacted products: Debian, Junos Space, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 28/01/2019.
Identifiers: CERTFR-2019-AVI-091, CERTFR-2019-AVI-098, CERTFR-2019-AVI-115, CERTFR-2019-AVI-325, CVE-2019-6133, DLA-1644-1, DLA-1799-1, DLA-1799-2, JSA10951, openSUSE-SU-2019:1914-1, RHSA-2019:0230-01, RHSA-2019:0420-01, RHSA-2019:0832-01, RHSA-2019:2699-01, SUSE-SU-2019:2018-1, SUSE-SU-2019:2035-1, USN-3901-1, USN-3901-2, USN-3903-1, USN-3903-2, USN-3908-1, USN-3908-2, USN-3910-1, USN-3910-2, USN-3934-1, USN-3934-2, VIGILANCE-VUL-28381.

Description of the vulnerability

An attacker can bypass restrictions via Start Time Bypass of PolicyKit, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2019-0017

Junos Space: file upload via Device Image

Synthesis of the vulnerability

An attacker can upload a malicious file via Device Image on Junos Space, in order for example to upload a Trojan.
Impacted products: Junos Space.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 10/01/2019.
Identifiers: CERTFR-2019-AVI-014, CVE-2019-0017, JSA10917, VIGILANCE-VUL-28231.

Description of the vulnerability

An attacker can upload a malicious file via Device Image on Junos Space, in order for example to upload a Trojan.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-0016

Junos Space: denial of service via Device Delete

Synthesis of the vulnerability

An attacker can trigger a fatal error via Device Delete of Junos Space, in order to trigger a denial of service.
Impacted products: Junos Space.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 10/01/2019.
Identifiers: CERTFR-2019-AVI-014, CVE-2019-0016, JSA10917, VIGILANCE-VUL-28230.

Description of the vulnerability

An attacker can trigger a fatal error via Device Delete of Junos Space, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-0047

Junos Space Security Director: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Junos Space Security Director, in order to run JavaScript code in the context of the web site.
Impacted products: Junos Space.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/10/2018.
Identifiers: CERTFR-2018-AVI-487, CVE-2018-0047, JSA10881, VIGILANCE-VUL-27468.

Description of the vulnerability

The Junos Space Security Director product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Junos Space Security Director, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-0046

Junos Space: Cross Site Scripting via OpenNMS

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via OpenNMS of Junos Space, in order to run JavaScript code in the context of the web site.
Impacted products: Junos Space, Junos Space Network Management Platform.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/10/2018.
Identifiers: CERTFR-2018-AVI-487, CVE-2018-0046, JSA10880, VIGILANCE-VUL-27467.

Description of the vulnerability

The Junos Space product offers a web service.

However, it does not filter received data via OpenNMS before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via OpenNMS of Junos Space, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-14634

Linux kernel: integer overflow via create_elf_tables

Synthesis of the vulnerability

An attacker can generate an integer overflow via create_elf_tables() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, Palo Alto Firewall PA***, PAN-OS, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 26/09/2018.
Identifiers: CERTFR-2018-AVI-457, CERTFR-2018-AVI-459, CERTFR-2018-AVI-460, CERTFR-2018-AVI-462, CERTFR-2018-AVI-478, CERTFR-2018-AVI-480, CERTFR-2018-AVI-567, CERTFR-2019-AVI-188, CERTFR-2019-AVI-242, CVE-2018-14634, DLA-1529-1, JSA10917, K20934447, PAN-SA-2019-0006, RHSA-2018:2748-01, RHSA-2018:2763-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, RHSA-2018:3591-01, RHSA-2018:3643-01, SUSE-SU-2018:2879-1, SUSE-SU-2018:2907-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:3083-1, SUSE-SU-2018:3088-1, USN-3775-1, USN-3775-2, USN-3779-1, VIGILANCE-VUL-27320.

Description of the vulnerability

An attacker can generate an integer overflow via create_elf_tables() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-10904 CVE-2018-10907 CVE-2018-10911

GlusterFS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of GlusterFS.
Impacted products: Debian, Fedora, Junos Space, RHEL.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 12/09/2018.
Identifiers: CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, DLA-1510-1, FEDORA-2018-4e660226e7, FEDORA-2018-9a4d7ec61e, JSA10917, RHSA-2018:2892-01, RHSA-2018:3242-01, VIGILANCE-VUL-27211.

Description of the vulnerability

An attacker can use several vulnerabilities of GlusterFS.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Juniper Junos Space: