Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-46817
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6<br /> <br /> [Why]<br /> Coverity reports OVERRUN warning. Should abort amdgpu_dm<br /> initialize.<br /> <br /> [How]<br /> Return failure to amdgpu_dm_init.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46818
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Check gpio_id before used as array index<br /> <br /> [WHY &amp; HOW]<br /> GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore<br /> should be checked in advance.<br /> <br /> This fixes 5 OVERRUN issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46819
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: the warning dereferencing obj for nbio_v7_4<br /> <br /> if ras_manager obj null, don&amp;#39;t print NBIO err data
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46821
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/pm: Fix negative array index read<br /> <br /> Avoid using the negative values<br /> for clk_idex as an index into an array pptable-&gt;DpmDescriptor.<br /> <br /> V2: fix clk_index return check (Tim Huang)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46822
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry<br /> <br /> In a review discussion of the changes to support vCPU hotplug where<br /> a check was added on the GICC being enabled if was online, it was<br /> noted that there is need to map back to the cpu and use that to index<br /> into a cpumask. As such, a valid ID is needed.<br /> <br /> If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible<br /> for the entry in cpu_madt_gicc[cpu] == NULL. This function would<br /> then cause a NULL pointer dereference. Whilst a path to trigger<br /> this has not been established, harden this caller against the<br /> possibility.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46803
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdkfd: Check debug trap enable before write dbg_ev_file<br /> <br /> In interrupt context, write dbg_ev_file will be run by work queue. It<br /> will cause write dbg_ev_file execution after debug_trap_disable, which<br /> will cause NULL pointer access.<br /> v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2024

CVE-2024-46806
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix the warning division or modulo by zero<br /> <br /> Checks the partition mode and returns an error for an invalid mode.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-46808
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range<br /> <br /> [Why &amp; How]<br /> ASSERT if return NULL from kcalloc.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-46441
Publication date:
27/09/2024
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is not checked.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2024

CVE-2024-46809
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Check BIOS images before it is used<br /> <br /> BIOS images may fail to load and null checks are added before they are<br /> used.<br /> <br /> This fixes 6 NULL_RETURNS issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46802
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: added NULL check at start of dc_validate_stream<br /> <br /> [Why]<br /> prevent invalid memory access<br /> <br /> [How]<br /> check if dc and stream are NULL
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46804
Publication date:
27/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add array index check for hdcp ddc access<br /> <br /> [Why]<br /> Coverity reports OVERRUN warning. Do not check if array<br /> index valid.<br /> <br /> [How]<br /> Check msg_id valid and valid array index.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities