Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with criteria such as vulnerability type, manufacturer and impact level, among others, to narrow down the results.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-7224

Publication date:
30/07/2024
A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /lot_details.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272804.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-42229

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

crypto: aead,cipher - zeroize key buffer after use

I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-42230

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries: Fix scv instruction crash with kexec

kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel.

Change the kexec sequence to disable AIL after other CPUs have been brought down.

As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-42155

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe copies of protected- and secure-keys

Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or secure-keys from stack, even in case of an error.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2024

CVE-2024-42156

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe copies of clear-key structures on failure

Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2024-42158

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle:

WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2024-42162

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

gve: Account for stopped queues when reading NIC stats

We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2024-42226

Publication date:
30/07/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2024

CVE-2024-42227

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix overlapping copy within dml_core_mode_programming

[WHY]
&mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior.

[HOW]
memmove should be used.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2024

CVE-2024-42157

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe sensitive data on failure

Wipe sensitive data from stack also if the copy_to_user() fails.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-42159

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Sanitise num_phys

Information is stored in mr_sas_port->phy_mask, values larger than size of this field shouldn't be allowed.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-42160

Publication date:
30/07/2024
In the Linux kernel, the following vulnerability has been resolved:

f2fs: check validation of fault attrs in f2fs_build_fault_attr()

- It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr().
- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025