Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-56739
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> rtc: check if __rtc_read_time was successful in rtc_timer_do_work()<br /> <br /> If the __rtc_read_time call fails,, the struct rtc_time tm; may contain<br /> uninitialized data, or an illegal date/time read from the RTC hardware.<br /> <br /> When calling rtc_tm_to_ktime later, the result may be a very large value<br /> (possibly KTIME_MAX). If there are periodic timers in rtc-&gt;timerqueue,<br /> they will continually expire, may causing kernel softlockup.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56745
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PCI: Fix reset_method_store() memory leak<br /> <br /> In reset_method_store(), a string is allocated via kstrndup() and assigned<br /> to the local "options". options is then used in with strsep() to find<br /> spaces:<br /> <br /> while ((name = strsep(&amp;options, " ")) != NULL) {<br /> <br /> If there are no remaining spaces, then options is set to NULL by strsep(),<br /> so the subsequent kfree(options) doesn&amp;#39;t free the memory allocated via<br /> kstrndup().<br /> <br /> Fix by using a separate tmp_options to iterate with strsep() so options is<br /> preserved.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56721
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> x86/CPU/AMD: Terminate the erratum_1386_microcode array<br /> <br /> The erratum_1386_microcode array requires an empty entry at the end.<br /> Otherwise x86_match_cpu_with_stepping() will continue iterate the array after<br /> it ended.<br /> <br /> Add an empty entry to erratum_1386_microcode to its end.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2024-56720
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf, sockmap: Several fixes to bpf_msg_pop_data<br /> <br /> Several fixes to bpf_msg_pop_data,<br /> 1. In sk_msg_shift_left, we should put_page<br /> 2. if (len == 0), return early is better<br /> 3. pop the entire sk_msg (last == msg-&gt;sg.size) should be supported<br /> 4. Fix for the value of variable "a"<br /> 5. In sk_msg_shift_left, after shifting, i has already pointed to the next<br /> element. Addtional sk_msg_iter_var_next may result in BUG.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56722
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/hns: Fix cpu stuck caused by printings during reset<br /> <br /> During reset, cmd to destroy resources such as qp, cq, and mr may fail,<br /> and error logs will be printed. When a large number of resources are<br /> destroyed, there will be lots of printings, and it may lead to a cpu<br /> stuck.<br /> <br /> Delete some unnecessary printings and replace other printing functions<br /> in these paths with the ratelimited version.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56723
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices<br /> <br /> While design wise the idea of converting the driver to use<br /> the hierarchy of the IRQ chips is correct, the implementation<br /> has (inherited) flaws. This was unveiled when platform_get_irq()<br /> had started WARN() on IRQ 0 that is supposed to be a Linux<br /> IRQ number (also known as vIRQ).<br /> <br /> Rework the driver to respect IRQ domain when creating each MFD<br /> device separately, as the domain is not the same for all of them.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56724
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device<br /> <br /> While design wise the idea of converting the driver to use<br /> the hierarchy of the IRQ chips is correct, the implementation<br /> has (inherited) flaws. This was unveiled when platform_get_irq()<br /> had started WARN() on IRQ 0 that is supposed to be a Linux<br /> IRQ number (also known as vIRQ).<br /> <br /> Rework the driver to respect IRQ domain when creating each MFD<br /> device separately, as the domain is not the same for all of them.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56725
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c<br /> <br /> Add error pointer check after calling otx2_mbox_get_rsp().
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56726
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c<br /> <br /> Add error pointer check after calling otx2_mbox_get_rsp().
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56727
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c<br /> <br /> Adding error pointer check after calling otx2_mbox_get_rsp().
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-56728
Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c<br /> <br /> Add error pointer check after calling otx2_mbox_get_rsp().
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-13012
Publication date:
29/12/2024
A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the argument fname/mname/lname leads to cross site scripting. The attack may be initiated remotely.
Severity CVSS v4.0: MEDIUM
Last modification:
23/10/2025
Subscribe to Vulnerabilities