Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-43765
Publication date:
21/01/2025
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2024-43770
Publication date:
21/01/2025
In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2024-43771
Publication date:
21/01/2025
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2024-24443
Publication date:
21/01/2025
An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-24428
Publication date:
21/01/2025
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-24427
Publication date:
21/01/2025
A reachable assertion in the amf_ue_set_suci function of Open5GS
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-24424
Publication date:
21/01/2025
A reachable assertion in the decode_access_point_name_ie function of Magma
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-24423
Publication date:
21/01/2025
The Linux Foundation Magma
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-24422
Publication date:
21/01/2025
The Linux Foundation Magma
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2024-24421
Publication date:
21/01/2025
A type confusion in the nas_message_decode function of Magma
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2024-24420
Publication date:
21/01/2025
A reachable assertion in the decode_linked_ti_ie function of Magma
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2024-24418
Publication date:
21/01/2025
The Linux Foundation Magma
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025
Subscribe to Vulnerabilities