Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-20828

Publication date:
06/02/2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2024

CVE-2024-20823

Publication date:
06/02/2024
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-20824

Publication date:
06/02/2024
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-20825

Publication date:
06/02/2024
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-20826

Publication date:
06/02/2024
Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2024

CVE-2024-20827

Publication date:
06/02/2024
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2024

CVE-2024-20817

Publication date:
06/02/2024
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2024

CVE-2024-20818

Publication date:
06/02/2024
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2024

CVE-2024-20819

Publication date:
06/02/2024
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2024

CVE-2024-20820

Publication date:
06/02/2024
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2024

CVE-2024-20822

Publication date:
06/02/2024
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-20814

Publication date:
06/02/2024
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2024