Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-47506
Publication date:
11/10/2024
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs, depends on system internal timing that is outside the attackers control.<br /> <br /> <br /> <br /> This issue affects Junos OS on SRX Series:<br /> <br /> <br /> <br /> * All versions before 21.3R3-S1,<br /> * 21.4 versions before 21.4R3,<br /> * 22.1 versions before 22.1R2,<br /> * 22.2 versions before 22.2R1-S2, 22.2R2.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47507
Publication date:
11/10/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.<br /> <br /> When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.<br /> <br /> <br /> <br /> This issue affects:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions before 21.4R3-S6,<br /> * 22.2 versions before 22.2R3-S3,<br /> * 22.4 versions before 22.4R3; <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 21.4R3-S7-EVO,<br /> * 22.2 versions before 22.2R3-S4-EVO,<br /> * 22.4 versions before 22.4R3-EVO.
Severity CVSS v4.0: MEDIUM
Last modification:
26/01/2026

CVE-2024-47501
Publication date:
11/10/2024
A NULL Pointer Dereference vulnerability in the <br /> <br /> packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).<br /> <br /> In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart.<br /> <br /> This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C: <br /> <br /> <br /> <br /> * All version before 21.2R3-S1,<br /> * 21.3 versions before 21.3R3, <br /> * 21.4 versions before 21.4R2.
Severity CVSS v4.0: MEDIUM
Last modification:
26/01/2026

CVE-2024-47502
Publication date:
11/10/2024
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).<br /> <br /> In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established.<br /> <br /> A continuously increasing number of connections shown by:<br /> <br /> <br /> <br /> user@host &gt; show system connections<br /> <br /> <br /> <br /> is indicative of the problem. To recover the respective RE needs to be restarted manually.<br /> <br /> This issue only affects IPv4 but does not affect IPv6.<br /> This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine).<br /> <br /> This issue affects Junos OS Evolved: <br /> <br /> * All versions before 21.4R3-S9-EVO,<br /> * 22.2 versions before 22.2R3-S4-EVO,<br /> * 22.4 version before 22.4R3-S3-EVO,<br /> * 23.2 versions before 23.2R2-S1-EVO,<br /> * 23.4 versions before 23.4R2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47503
Publication date:
11/10/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> If in a multicast scenario a sequence of <br /> <br /> specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption.<br /> This issue affects Junos OS on SRX 4600 and SRX 5000 Series:<br /> <br /> <br /> <br /> * All versions before 21.4R3-S9,<br /> * 22.2 versions before 22.2R3-S5,<br /> * 22.3 versions before 22.3R3-S4,<br /> * 22.4 versions before 22.4R3-S4,<br /> * 23.2 versions before 23.2R2-S2,<br /> * 23.4 versions before 23.4R2, <br /> * 24.2 versions before 24.2R1-S1, 24.2R2.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47504
Publication date:
11/10/2024
An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos).<br /> <br /> When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart.<br /> <br /> This issue affects Junos OS:<br /> <br /> * 22.1 releases 22.1R1 and later before 22.2R3-S5,<br /> * 22.3 releases before 22.3R3-S4,<br /> * 22.4 releases before 22.4R3-S4,<br /> * 23.2 releases before 23.2R2-S2,<br /> * 23.4 releases before 23.4R2-S1,<br /> * 24.2 releases before 24.2R1-S1, 24.2R2.<br /> <br /> <br /> Please note that the PR does indicate that earlier versions have been fixed as well, but these won&amp;#39;t be adversely impacted by this.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47497
Publication date:
11/10/2024
An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS).<br /> <br /> An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart.<br /> <br /> The following command can be used to monitor the resource usage:<br /> user@host&gt; show system processes extensive | match mgd | count<br /> <br /> This issue affects Junos OS on SRX Series and EX Series:<br /> All versions before 21.4R3-S7,<br /> from 22.2 before 22.2R3-S4,<br /> from 22.3 before 22.3R3-S3,<br /> from 22.4 before 22.4R3-S2,<br /> from 23.2 before 23.2R2-S1,<br /> from 23.4 before 23.4R1-S2, 23.4R2.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47496
Publication date:
11/10/2024
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).<br /> <br /> When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.<br /> <br /> This issue only affects MX Series devices with Line cards MPC1-MPC9.<br /> This issue affects:<br /> Junos OS on MX Series: <br /> <br /> <br /> * All versions before 21.4R3-S9, <br /> * from 22.2 before 22.2R3-S5, <br /> * from 22.3 before 22.3R3-S4, <br /> * from 22.4 before 22.4R3-S2, <br /> * from 23.2 before 23.2R2-S1, <br /> * from 23.4 before 23.4R2.
Severity CVSS v4.0: MEDIUM
Last modification:
26/01/2026

CVE-2024-47498
Publication date:
11/10/2024
An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.<br /> <br /> <br /> <br /> This issue affects Junos OS Evolved on QFX5000 Series:<br /> <br /> <br /> <br /> * All versions before 21.4R3-S8-EVO,<br /> * 22.2-EVO versions before 22.2R3-S5-EVO,<br /> <br /> * 22.4-EVO versions before 22.4R3-EVO,<br /> * 23.2-EVO versions before 23.2R2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47499
Publication date:
11/10/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). <br /> <br /> In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart.<br /> <br /> This issue affects:<br /> <br /> Junos OS: <br /> <br /> <br /> <br /> * All versions before 21.2R3-S8,<br /> * 21.4 versions before 21.4R3-S8,<br /> * 22.2 versions before 22.2R3-S4,<br /> * 22.3 versions before 22.3R3-S3,<br /> * 22.4 versions before 22.4R3-S2,<br /> * 23.2 versions before 23.2R2-S1,<br /> * 23.4 versions before 23.4R1-S2, 23.4R2;<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> <br /> * All versions before 21.2R3-S8-EVO,<br /> * 21.4 versions before 21.4R3-S8-EVO,<br /> * 22.2 versions before 22.2R3-S4-EVO,<br /> * 22.3 versions before 22.3R3-S3-EVO,<br /> * 22.4 versions before 22.4R3-S2-EVO,<br /> * 23.2 versions before 23.2R2-S1-EVO,<br /> * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47495
Publication date:
11/10/2024
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS Evolved with dual-REs:<br /> * All versions before 21.2R3-S8-EVO,<br /> * from 21.4-EVO before 21.4R3-S8-EVO,<br /> * from 22.2-EVO before 22.2R3-S4-EVO,<br /> * from 22.3-EVO before 22.3R3-S4-EVO,<br /> * from 22.4-EVO before 22.4R3-S3-EVO,<br /> * from 23.2-EVO before 23.2R2-S1-EVO,<br /> * from 23.4-EVO before 23.4R2-S1-EVO.<br /> <br /> <br /> <br /> This issue does not affect Juniper Networks Junos OS.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026

CVE-2024-47494
Publication date:
11/10/2024
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS).<br /> <br /> <br /> <br /> <br /> <br /> The FPC will recover automatically without user intervention after the crash.<br /> This issue affects Junos OS: <br /> <br /> * All versions before 21.4R3-S9<br /> * From 22.2 before 22.2R3-S5,<br /> * From 22.3 before 22.3R3-S4,<br /> * From 22.4 before 22.4R3-S3,<br /> * From 23.2 before 23.2R2-S2,<br /> * From 23.4 before 23.4R2.<br /> <br /> <br /> This issue does not affect Junos OS Evolved.
Severity CVSS v4.0: HIGH
Last modification:
26/01/2026
Subscribe to Vulnerabilities