Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-40250
Publication date:
12/01/2024
Buffer Copy without Checking Size of Input (&amp;#39;Classic Buffer Overflow&amp;#39;) vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2024

CVE-2024-0454
Publication date:
12/01/2024
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.<br /> This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.<br /> Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.
Severity CVSS v4.0: Pending analysis
Last modification:
22/01/2024

CVE-2023-6040
Publication date:
12/01/2024
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2023-52339
Publication date:
12/01/2024
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-21616
Publication date:
12/01/2024
<br /> An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).<br /> <br /> On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.<br /> <br /> NAT IP usage can be monitored by running the following command.<br /> <br /> user@srx&gt; show security nat resource-usage source-pool <br /> <br /> <br /> Pool name: source_pool_name<br /> ..<br /> Address Factor-index Port-range Used Avail Total Usage<br /> X.X.X.X<br /> 0 Single Ports 50258 52342 62464 96%
Severity CVSS v4.0: Pending analysis
Last modification:
19/01/2024

CVE-2024-21617
Publication date:
12/01/2024
<br /> An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).<br /> <br /> On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.<br /> <br /> Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.<br /> The memory usage can be monitored using the below commands.<br /> <br /> user@host&gt; show chassis routing-engine no-forwarding<br /> user@host&gt; show system memory | no-more<br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * 21.2 versions earlier than 21.2R3-S5;<br /> * 21.3 versions earlier than 21.3R3-S4;<br /> * 21.4 versions earlier than 21.4R3-S4;<br /> * 22.1 versions earlier than 22.1R3-S2;<br /> * 22.2 versions earlier than 22.2R3-S2;<br /> * 22.3 versions earlier than 22.3R2-S1, 22.3R3;<br /> * 22.4 versions earlier than 22.4R1-S2, 22.4R2.<br /> <br /> <br /> <br /> <br /> This issue does not affect Junos OS versions earlier than 20.4R3-S7.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/01/2024

CVE-2024-21607
Publication date:
12/01/2024
<br /> An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.<br /> <br /> If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass.<br /> <br /> This issue doesn&amp;#39;t affect IPv4 firewall filters.<br /> <br /> This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:<br /> <br /> <br /> <br /> * All versions earlier than 20.4R3-S7;<br /> * 21.1 versions earlier than 21.1R3-S5;<br /> * 21.2 versions earlier than 21.2R3-S5;<br /> * 21.3 versions earlier than 21.3R3-S4;<br /> * 21.4 versions earlier than 21.4R3-S4;<br /> * 22.1 versions earlier than 22.1R3-S2;<br /> * 22.2 versions earlier than 22.2R3-S2;<br /> * 22.3 versions earlier than 22.3R2-S2, 22.3R3;<br /> * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2024

CVE-2024-21611
Publication date:
12/01/2024
<br /> A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.<br /> <br /> Thread level memory utilization for the areas where the leak occurs can be checked using the below command:<br /> <br /> user@host&gt; show task memory detail | match so_in<br /> so_in6 28 32 344450 11022400 344760 11032320<br /> so_in 8 16 1841629 29466064 1841734 29467744<br /> This issue affects:<br /> <br /> Junos OS<br /> <br /> <br /> <br /> * 21.4 versions earlier than 21.4R3;<br /> * 22.1 versions earlier than 22.1R3;<br /> * 22.2 versions earlier than 22.2R3.<br /> <br /> <br /> <br /> <br /> Junos OS Evolved<br /> <br /> <br /> <br /> * 21.4-EVO versions earlier than 21.4R3-EVO;<br /> * 22.1-EVO versions earlier than 22.1R3-EVO;<br /> * 22.2-EVO versions earlier than 22.2R3-EVO.<br /> <br /> <br /> <br /> <br /> This issue does not affect:<br /> <br /> Juniper Networks Junos OS versions earlier than 21.4R1.<br /> <br /> Juniper Networks Junos OS Evolved versions earlier than 21.4R1.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2024

CVE-2024-21612
Publication date:
12/01/2024
<br /> <br /> <br /> <br /> <br /> An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.<br /> <br /> <br /> <br /> <br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * All versions earlier than 21.2R3-S7-EVO;<br /> * 21.3 versions earlier than 21.3R3-S5-EVO ;<br /> * 21.4 versions earlier than 21.4R3-S5-EVO;<br /> * 22.1 versions earlier than 22.1R3-S4-EVO;<br /> * 22.2 versions earlier than 22.2R3-S3-EVO ;<br /> * 22.3 versions earlier than 22.3R3-EVO;<br /> * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2024

CVE-2024-21613
Publication date:
12/01/2024
<br /> A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).<br /> <br /> On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.<br /> <br /> The memory usage can be monitored using the below command.<br /> <br /> user@host&gt; show task memory detail | match patroot<br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions earlier than 21.2R3-S3;<br /> * 21.3 versions earlier than 21.3R3-S5;<br /> * 21.4 versions earlier than 21.4R3-S3;<br /> * 22.1 versions earlier than 22.1R3;<br /> * 22.2 versions earlier than 22.2R3.<br /> <br /> <br /> <br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * All versions earlier than 21.3R3-S5-EVO;<br /> * 21.4 versions earlier than 21.4R3-EVO;<br /> * 22.1 versions earlier than 22.1R3-EVO;<br /> * 22.2 versions earlier than 22.2R3-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/01/2024

CVE-2024-21614
Publication date:
12/01/2024
<br /> An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).<br /> <br /> On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * 22.2 versions earlier than 22.2R2-S2, 22.2R3;<br /> * 22.3 versions earlier than 22.3R2, 22.3R3.<br /> <br /> <br /> <br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;<br /> * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.<br /> <br /> <br /> <br /> <br /> This issue does not affect Juniper Networks:<br /> <br /> Junos OS versions earlier than 22.2R1;<br /> <br /> Junos OS Evolved versions earlier than 22.2R1-EVO.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2024

CVE-2024-21601
Publication date:
12/01/2024
<br /> A Concurrent Execution using Shared Resource with Improper Synchronization (&amp;#39;Race Condition&amp;#39;) vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).<br /> <br /> On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control.<br /> <br /> Continued exploitation of this issue will lead to a sustained DoS.<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> <br /> <br /> * 21.2 versions earlier than 21.2R3-S5;<br /> * 21.3 versions earlier than 21.3R3-S5;<br /> * 21.4 versions earlier than 21.4R3-S4;<br /> * 22.1 versions earlier than 22.1R3-S3;<br /> * 22.2 versions earlier than 22.2R3-S1;<br /> * 22.3 versions earlier than 22.3R2-S2, 22.3R3;<br /> * 22.4 versions earlier than 22.4R2-S1, 22.4R3.<br /> <br /> <br /> <br /> <br /> This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/01/2024
Subscribe to Vulnerabilities