Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-20591

Publication date:
13/08/2024
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2022-23815

Publication date:
13/08/2024
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2022-23817

Publication date:
13/08/2024
Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
Severity CVSS v4.0: HIGH
Last modification:
15/05/2026

CVE-2023-20509

Publication date:
13/08/2024
An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-20510

Publication date:
13/08/2024
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2023-20512

Publication date:
13/08/2024
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2021-26344

Publication date:
13/08/2024
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2021-26367

Publication date:
13/08/2024
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2021-26387

Publication date:
13/08/2024
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2021-46746

Publication date:
13/08/2024
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to corrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2021-46772

Publication date:
13/08/2024
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-7746

Publication date:
13/08/2024
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2024