More than 30 security flaws across Juniper Networks' product portfolio, including Contrail Networking and Junos OS, were addressed last week, according to SecurityWeek.
Juniper Networks released two advisories noting 13 security flaws in the Contrail Networking software-defined networking solution. The first advisory details bugs in Contrail Networking versions before 2011.L4, the most severe of which are an Apache HTTP Server heap overflow, tracked as CVE-2021-26691, and two buffer overflow bugs in Pillow, tracked as CVE-2021-25289 and CVE-2021-34552. Meanwhile, two critical flaws in Contrail Networking versions before 21.3 have been detailed in the second advisory, including a Git for Visual Studio remote code execution flaw, tracked as CVE-2019-1349, and a denial-of-service flaw, tracked as CVE-2015-8391. Fourteen flaws in Junos OS and Junos OS Evolved, ten of which are "high severity", have also been patched. While there has not been any indication that the flaws have been actively exploited, the Cybersecurity and Infrastructure Security Agency has urged immediate patching.