Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-1065
Publication date:
19/04/2024
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r45p0 through r48p0; Valhall GPU Kernel Driver: from r45p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r45p0 through r48p0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-29969
Publication date:
19/04/2024
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29968
Publication date:
19/04/2024
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29964
Publication date:
19/04/2024
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29965
Publication date:
19/04/2024
<br /> In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29966
Publication date:
19/04/2024
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance&amp;#39;s root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29967
Publication date:
19/04/2024
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-2761
Publication date:
19/04/2024
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2024-29962
Publication date:
19/04/2024
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29959
Publication date:
19/04/2024
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node&amp;#39;s support save.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29960
Publication date:
19/04/2024
<br /> In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-29961
Publication date:
19/04/2024
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025
Subscribe to Vulnerabilities