Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-52681
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> efivarfs: Free s_fs_info on unmount<br /> <br /> Now that we allocate a s_fs_info struct on fs context creation, we<br /> should ensure that we free it again when the superblock goes away.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2023-52682
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to wait on block writeback for post_read case<br /> <br /> If inode is compressed, but not encrypted, it missed to call<br /> f2fs_wait_on_block_writeback() to wait for GCed page writeback<br /> in IPU write path.<br /> <br /> Thread A GC-Thread<br /> - f2fs_gc<br /> - do_garbage_collect<br /> - gc_data_segment<br /> - move_data_block<br /> - f2fs_submit_page_write<br /> migrate normal cluster&amp;#39;s block via<br /> meta_inode&amp;#39;s page cache<br /> - f2fs_write_single_data_page<br /> - f2fs_do_write_data_page<br /> - f2fs_inplace_write_data<br /> - f2fs_submit_page_bio<br /> <br /> IRQ<br /> - f2fs_read_end_io<br /> IRQ<br /> old data overrides new data due to<br /> out-of-order GC and common IO.<br /> - f2fs_read_end_io
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2023-52684
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> firmware: qcom: qseecom: fix memory leaks in error paths<br /> <br /> Fix instances of returning error codes directly instead of jumping to<br /> the relevant labels where memory allocated for the SCM calls would be<br /> freed.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2023-52685
Publication date:
17/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2024

CVE-2023-52686
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/powernv: Add a null pointer check in opal_event_init()<br /> <br /> kasprintf() returns a pointer to dynamically allocated memory<br /> which can be NULL upon failure.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2024

CVE-2023-52687
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: safexcel - Add error handling for dma_map_sg() calls<br /> <br /> Macro dma_map_sg() may return 0 on error. This patch enables<br /> checks in case of the macro failure and ensures unmapping of<br /> previously mapped buffers with dma_unmap_sg().<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with static<br /> analysis tool SVACE.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2023-52688
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath12k: fix the error handler of rfkill config<br /> <br /> When the core rfkill config throws error, it should free the<br /> allocated resources. Currently it is not freeing the core pdev<br /> create resources. Avoid this issue by calling the core pdev<br /> destroy in the error handler of core rfkill config.<br /> <br /> Found this issue in the code review and it is compile tested only.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2023-52689
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: scarlett2: Add missing mutex lock around get meter levels<br /> <br /> As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex<br /> should be locked while accessing it.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2023-52683
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ACPI: LPIT: Avoid u32 multiplication overflow<br /> <br /> In lpit_update_residency() there is a possibility of overflow<br /> in multiplication, if tsc_khz is large enough (&gt; UINT_MAX/1000).<br /> <br /> Change multiplication to mul_u32_u32().<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025

CVE-2023-52674
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()<br /> <br /> Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and<br /> SCARLETT2_MIXER_MAX_VALUE so we don&amp;#39;t attempt to access outside<br /> scarlett2_mixer_values[].
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2023-52675
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/imc-pmu: Add a null pointer check in update_events_in_group()<br /> <br /> kasprintf() returns a pointer to dynamically allocated memory<br /> which can be NULL upon failure.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2024

CVE-2023-52676
Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Guard stack limits against 32bit overflow<br /> <br /> This patch promotes the arithmetic around checking stack bounds to be<br /> done in the 64-bit domain, instead of the current 32bit. The arithmetic<br /> implies adding together a 64-bit register with a int offset. The<br /> register was checked to be below 1
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025
Subscribe to Vulnerabilities