Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-39528

Publication date:
11/07/2024
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S5-EVO,
* 22.2-EVO versions before 22.2R3-S3-EVO,
* 22.3-EVO versions before 22.3R3-S2-EVO,
* 22.4-EVO versions before 22.4R3-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39529

Publication date:
11/07/2024
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received, this causes a PFE crash and restart, leading to a Denial of Service.
This issue affects Junos OS:
* All versions before 21.4R3-S6,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S3,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39530

Publication date:
11/07/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an attempt is made to access specific sensors on platforms not supporting these sensors, either via gRPC or NETCONF, chassisd will crash and restart, leading to a restart of all FPCs and thereby a complete outage.
This issue affects Junos OS:
* 21.4 versions from 21.4R3 before 21.4R3-S5,
* 22.1 versions from 22.1R3 before 22.1R3-S4,
* 22.2 versions from 22.2R2 before 22.2R3,
* 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,
* 22.4 versions from 22.4R1 before 22.4R2.
This issue does not affect Junos OS versions earlier than 21.4.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39904

Publication date:
11/07/2024
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-39521

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.1-EVO versions before 22.1R3-S6-EVO,
* 22.2-EVO versions before 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39522

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* 22.3-EVO versions before 22.3R2-EVO,
* 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39523

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* All versions before 20.4R3-S7-EVO,
* 21.2-EVO versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.1-EVO versions before 22.1R3-S6-EVO,
* 22.2-EVO versions before 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO,
* 22.4-EVO versions before 22.4R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39524

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* All versions before 20.4R3-S7-EVO,
* 21.2-EVO versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.2-EVO versions before 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO,
* 22.4-EVO versions before 22.4R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-32753

Publication date:
11/07/2024
Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-39519

Publication date:
11/07/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge (CE) device is dual homed to two Provider Edge devices (PE), a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.
This issue affects Junos OS Evolved:
All versions from 22.2R1-EVO and later versions before 22.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39520

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* All versions before 20.4R3-S6-EVO,
* 21.2-EVO versions before 21.2R3-S4-EVO,
* 21.4-EVO versions before 21.4R3-S6-EVO,
* 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39317

Publication date:
11/07/2024
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2026