Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we provide a database for interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-39533

Publication date:
11/07/2024
An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.

If one or more of the following match conditions
* ip-source-address
* ip-destination-address
* arp-type
which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.

This issue affects Junos OS on QFX5000 Series and EX4600 Series:
* All versions before 21.2R3-S7,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.

Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.
Severity CVSS v4.0: MEDIUM
Last modification:
22/01/2026

CVE-2024-39535

Publication date:
11/07/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

When a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is received, the evo-pfemand process crashes, which causes a service outage for the respective FPC until the system is recovered manually.

This issue only affects Junos OS Evolved 22.4R2-S1 and 22.4R2-S2 releases and is fixed in 22.4R3. No other releases are affected.
Severity CVSS v4.0: HIGH
Last modification:
22/01/2026

CVE-2024-39531

Publication date:
11/07/2024
An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS).

If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased.

This issue affects Junos OS Evolved on ACX 7000 Series:
* All versions before 21.4R3-S7-EVO,
* 22.1 versions before 22.1R3-S6-EVO,
* 22.2 versions before 22.2R3-S3-EVO,
* 22.3 versions before 22.3R3-S3-EVO,
* 22.4 versions before 22.4R3-S2-EVO,
* 23.2 versions before 23.2R2-EVO,
* 23.4 versions before 23.4R1-S1-EVO, 23.4R2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
22/01/2026

CVE-2024-39532

Publication date:
11/07/2024
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.

When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.

This issue affects:

Junos OS:
* All versions before 21.2R3-S9;
* 21.4 versions before 21.4R3-S9;
* 22.2 versions before 22.2R2-S1, 22.2R3;
* 22.3 versions before 22.3R1-S1, 22.3R2;

Junos OS Evolved:
* All versions before 22.1R3-EVO;
* 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
22/01/2026

CVE-2024-39905

Publication date:
11/07/2024
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of the core commands or core cogs are affected. The maintainers of the project are not aware of any _public_ 3rd-party cog utilizing this API at the time of writing this advisory. The problem was patched and released in version 3.5.10.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-6680

Publication date:
11/07/2024
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271153 was assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
10/10/2025

CVE-2024-39528

Publication date:
11/07/2024
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).

On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.

This issue affects:

Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.

Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S5-EVO,
* 22.2-EVO versions before 22.2R3-S3-EVO,
* 22.3-EVO versions before 22.3R3-S2-EVO,
* 22.4-EVO versions before 22.4R3-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39529

Publication date:
11/07/2024
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service.

This issue affects Junos OS:
* All versions before 21.4R3-S6,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S3,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39530

Publication date:
11/07/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage.

This issue affects Junos OS:
* 21.4 versions from 21.4R3 before 21.4R3-S5,
* 22.1 versions from 22.1R3 before 22.1R3-S4,
* 22.2 versions from 22.2R2 before 22.2R3,
* 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,
* 22.4 versions from 22.4R1 before 22.4R2.

This issue does not affect Junos OS versions earlier than 21.4.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39904

Publication date:
11/07/2024
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2024

CVE-2024-39521

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.

The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users who execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.

This issue affects Junos OS Evolved:
* 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.1-EVO versions before 22.1R3-S6-EVO,
* 22.2-EVO versions before 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-39522

Publication date:
11/07/2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.

The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users who execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.

This issue affects Junos OS Evolved:
* 22.3-EVO versions before 22.3R2-EVO,
* 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024