Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-46715
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> driver: iio: add missing checks on iio_info&amp;#39;s callback access<br /> <br /> Some callbacks from iio_info structure are accessed without any check, so<br /> if a driver doesn&amp;#39;t implement them trying to access the corresponding<br /> sysfs entries produce a kernel oops such as:<br /> <br /> [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute<br /> [...]<br /> [ 2203.783416] Call trace:<br /> [ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48<br /> [ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120<br /> [ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4<br /> [ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0<br /> [ 2203.802236] vfs_read from ksys_read+0xa4/0xd4<br /> [ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54<br /> [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)<br /> [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000<br /> [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000<br /> [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0<br /> [ 2203.830363] Code: bad PC value<br /> [ 2203.832695] ---[ end trace 0000000000000000 ]---
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46716
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor<br /> <br /> Remove list_del call in msgdma_chan_desc_cleanup, this should be the role<br /> of msgdma_free_descriptor. In consequence replace list_add_tail with<br /> list_move_tail in msgdma_free_descriptor.<br /> <br /> This fixes the path:<br /> msgdma_free_chan_resources -&gt; msgdma_free_descriptors -&gt;<br /> msgdma_free_desc_list -&gt; msgdma_free_descriptor<br /> <br /> which does not correctly free the descriptors as first nodes were not<br /> removed from the list.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46717
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: SHAMPO, Fix incorrect page release<br /> <br /> Under the following conditions:<br /> 1) No skb created yet<br /> 2) header_size == 0 (no SHAMPO header)<br /> 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the<br /> last page fragment of a SHAMPO header page)<br /> <br /> a new skb is formed with a page that is NOT a SHAMPO header page (it<br /> is a regular data page). Further down in the same function<br /> (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from<br /> header_index is released. This is wrong and it leads to SHAMPO header<br /> pages being released more than once.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46719
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: ucsi: Fix null pointer dereference in trace<br /> <br /> ucsi_register_altmode checks IS_ERR for the alt pointer and treats<br /> NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,<br /> ucsi_register_displayport returns NULL which causes a NULL pointer<br /> dereference in trace. Rather than return NULL, call<br /> typec_port_register_altmode to register DisplayPort alternate mode<br /> as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46720
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix dereference after null check<br /> <br /> check the pointer hive before use.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46722
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix mc_data out-of-bounds read warning<br /> <br /> Clear warning that read mc_data[i-1] may out-of-bounds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46723
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix ucode out-of-bounds read warning<br /> <br /> Clear warning that read ucode[] may out-of-bounds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46724
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number<br /> <br /> Check the fb_channel_number range to avoid the array out-of-bounds<br /> read error
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46725
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix out-of-bounds write warning<br /> <br /> Check the ring type value to fix the out-of-bounds<br /> write warning
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46726
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Ensure index calculation will not overflow<br /> <br /> [WHY &amp; HOW]<br /> Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will<br /> never overflow and exceess array size.<br /> <br /> This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-41929
Publication date:
18/09/2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2024-42404
Publication date:
18/09/2024
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025
Subscribe to Vulnerabilities