Every CVE whose affected-product data names Juniper Junos Space, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (79)
CVE-2014-2421 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to…
CVE-2014-0456 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect…
CVE-2014-0457 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows…
CVE-2014-3412 — CVSS 10.0 (critical): Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute…
CVE-2014-0429 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote…
CVE-2016-4926 — CVSS 9.8 (critical): Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web…
CVE-2016-1265 — CVSS 9.8 (critical): A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to…
CVE-2017-10622 — CVSS 9.8 (critical): An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated…
CVE-2014-3413 — CVSS 9.8 (critical): The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote…
CVE-2025-59978 — CVSS 9.0 (critical): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2018-0046 — CVSS 8.8 (high): A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive…
CVE-2017-2306 — CVSS 8.8 (high): On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space…
CVE-2017-2305 — CVSS 8.8 (high): On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space…
CVE-2016-4929 — CVSS 8.8 (high): Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
CVE-2016-4928 — CVSS 8.8 (high): Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on…
CVE-2016-4927 — CVSS 8.1 (high): Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is…
CVE-2017-10612 — CVSS 8.0 (high): A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant…
CVE-2018-0047 — CVSS 8.0 (high): A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to…
CVE-2018-0012 — CVSS 7.8 (high): Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
CVE-2014-6500 — CVSS 7.5 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect…
CVE-2025-59975 — CVSS 7.5 (high): An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated…
CVE-2014-6491 — CVSS 7.5 (high): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect…
CVE-2015-3209 — CVSS 7.5 (high): Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with…
CVE-2017-10624 — CVSS 7.5 (high): Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make…
CVE-2024-39563 — CVSS 7.3 (high): A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially…
CVE-2017-10623 — CVSS 7.1 (high): Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker…
CVE-2021-0220 — CVSS 6.8 (medium): The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the…
CVE-2020-1611 — CVSS 6.5 (medium): A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device…
CVE-2017-2308 — CVSS 6.5 (medium): An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to…
CVE-2018-0010 — CVSS 6.5 (medium): A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the…
CVE-2025-59976 — CVSS 6.5 (medium): An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker…
CVE-2018-0013 — CVSS 6.5 (medium): A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to…
CVE-2019-0016 — CVSS 6.5 (medium): A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through…
CVE-2019-0017 — CVSS 6.5 (medium): The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading…
CVE-2025-59987 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2016-4930 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform…
CVE-2017-2307 — CVSS 6.1 (medium): A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may…
CVE-2025-59986 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59988 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59989 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59990 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59991 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59992 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59993 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59994 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59995 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59996 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59997 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59998 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59999 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-60000 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-60001 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-60002 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-60009 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2026-21904 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59981 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59982 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59983 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59984 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2025-59985 — CVSS 6.1 (medium): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space…
CVE-2017-2309 — CVSS 5.9 (medium): On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some…
CVE-2026-21907 — CVSS 5.9 (medium): A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of…
CVE-2014-0460 — CVSS 5.8 (medium): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote…
CVE-2015-0501 — CVSS 5.7 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect…
CVE-2018-0011 — CVSS 5.4 (medium): A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script…
CVE-2017-2310 — CVSS 5.3 (medium): A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain…
CVE-2017-2311 — CVSS 5.3 (medium): On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can…
CVE-2013-3497 — CVSS 4.7 (medium): Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a…
CVE-2014-6495 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability…
CVE-2014-6494 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability…
CVE-2014-6478 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity…
CVE-2014-6559 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect…
CVE-2014-6496 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability…
CVE-2013-5095 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance…
CVE-2015-2620 — CVSS 4.3 (medium): Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect…
CVE-2014-0453 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote…
CVE-2013-5097 — CVSS 4.0 (medium): Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list…
CVE-2013-5096 — CVSS 4.0 (medium): Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access…