Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-47047

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails<br /> <br /> The spi controller supports 44-bit address space on AXI in DMA mode,<br /> so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.<br /> In addition, if dma_map_single fails, it should return immediately<br /> instead of continuing doing the DMA operation which bases on invalid<br /> address.<br /> <br /> This fixes the following crash which occurs in reading a big block<br /> from flash:<br /> <br /> [ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)<br /> [ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped<br /> [ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0<br /> [ 123.792536] Mem abort info:<br /> [ 123.795313] ESR = 0x96000145<br /> [ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [ 123.803655] SET = 0, FnV = 0<br /> [ 123.806693] EA = 0, S1PTW = 0<br /> [ 123.809818] Data abort info:<br /> [ 123.812683] ISV = 0, ISS = 0x00000145<br /> [ 123.816503] CM = 1, WnR = 1<br /> [ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000<br /> [ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000<br /> [ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2021-47048

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op<br /> <br /> When handling op-&gt;addr, it is using the buffer "tmpbuf" which has been<br /> freed. This will trigger a use-after-free KASAN warning. Let&amp;#39;s use<br /> temporary variables to store op-&gt;addr.val and op-&gt;cmd.opcode to fix<br /> this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2021-47049

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Drivers: hv: vmbus: Use after free in __vmbus_open()<br /> <br /> The "open_info" variable is added to the &amp;vmbus_connection.chn_msg_list,<br /> but the error handling frees "open_info" without removing it from the<br /> list. This will result in a use after free. First remove it from the<br /> list, and then free it.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2021-47050

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> memory: renesas-rpc-if: fix possible NULL pointer dereference of resource<br /> <br /> The platform_get_resource_byname() can return NULL which would be<br /> immediately dereferenced by resource_size(). Instead dereference it<br /> after validating the resource.<br /> <br /> Addresses-Coverity: Dereference null return value
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2021-47051

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()<br /> <br /> pm_runtime_get_sync will increment pm usage counter even it failed.<br /> Forgetting to putting operation will result in reference leak here.<br /> Fix it by replacing it with pm_runtime_resume_and_get to keep usage<br /> counter balanced.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2021-47052

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: sa2ul - Fix memory leak of rxd<br /> <br /> There are two error return paths that are not freeing rxd and causing<br /> memory leaks. Fix these.<br /> <br /> Addresses-Coverity: ("Resource leak")
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2021-47053

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: sun8i-ss - Fix memory leak of pad<br /> <br /> It appears there are several failure return paths that don&amp;#39;t seem<br /> to be free&amp;#39;ing pad. Fix these.<br /> <br /> Addresses-Coverity: ("Resource leak")
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2023-6922

Publication date:
28/02/2024
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the &amp;#39;acx_csma_subscribe_ajax&amp;#39; function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2024-0431

Publication date:
28/02/2024
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the &amp;#39;ajax_set_default_card&amp;#39; function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2021-47018

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/64: Fix the definition of the fixmap area<br /> <br /> At the time being, the fixmap area is defined at the top of<br /> the address space or just below KASAN.<br /> <br /> This definition is not valid for PPC64.<br /> <br /> For PPC64, use the top of the I/O space.<br /> <br /> Because of circular dependencies, it is not possible to include<br /> asm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size<br /> AREA at the top of the I/O space for fixmap and ensure during<br /> build that the size is big enough.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2021-47019

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: mt7921: fix possible invalid register access<br /> <br /> Disable the interrupt and synchronze for the pending irq handlers to ensure<br /> the irq tasklet is not being scheduled after the suspend to avoid the<br /> possible invalid register access acts when the host pcie controller is<br /> suspended.<br /> <br /> [17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs<br /> [17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00<br /> [17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs<br /> [17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc<br /> [17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs<br /> <br /> ...<br /> <br /> 17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300<br /> [17933.620666] Call trace:<br /> [17933.623127] mt76_mmio_rr+0x28/0xf0 [mt76]<br /> [17933.627234] mt7921_rr+0x38/0x44 [mt7921e]<br /> [17933.631339] mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]<br /> [17933.636309] tasklet_action_common+0x12c/0x16c<br /> [17933.640754] tasklet_action+0x24/0x2c<br /> [17933.644418] __do_softirq+0x16c/0x344<br /> [17933.648082] irq_exit+0xa8/0xac<br /> [17933.651224] scheduler_ipi+0xd4/0x148<br /> [17933.654890] handle_IPI+0x164/0x2d4<br /> [17933.658379] gic_handle_irq+0x140/0x178<br /> [17933.662216] el1_irq+0xb8/0x180<br /> [17933.665361] cpuidle_enter_state+0xf8/0x204<br /> [17933.669544] cpuidle_enter+0x38/0x4c<br /> [17933.673122] do_idle+0x1a4/0x2a8<br /> [17933.676352] cpu_startup_entry+0x24/0x28<br /> [17933.680276] rest_init+0xd4/0xe0<br /> [17933.683508] arch_call_rest_init+0x10/0x18<br /> [17933.687606] start_kernel+0x340/0x3b4<br /> [17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)<br /> [17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---<br /> [17933.767846] Kernel panic - not syncing: Fatal exception in interrupt
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2021-47021

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: mt7915: fix memleak when mt7915_unregister_device()<br /> <br /> mt7915_tx_token_put() should get call before mt76_free_pending_txwi().
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024