Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-13016

Publication date:
29/12/2024
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
18/02/2025

CVE-2024-13015

Publication date:
29/12/2024
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.
Severity CVSS v4.0: MEDIUM
Last modification:
18/02/2025

CVE-2024-13014

Publication date:
29/12/2024
A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-maid.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
18/02/2025

CVE-2024-13013

Publication date:
29/12/2024
A vulnerability, which was classified as problematic, was found in PHPGurukul Maid Hiring Management System 1.0. Affected is an unknown function of the file /admin/contactus.php of the component Contact Us Page. The manipulation of the argument page title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
18/02/2025

CVE-2024-56755

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING

In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows:

[cookie1]                   [cookie2]                   [volume_work]
fscache_perform_lookup
  fscache_create_volume
                            fscache_perform_lookup
                              fscache_create_volume
                                                        fscache_create_volume_work
                                                          cachefiles_acquire_volume
                                                          clear_and_wake_up_bit
    test_and_set_bit
                              test_and_set_bit
                                goto maybe_wait
      goto no_wait

In the above process, cookie1 and cookie2 has the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely.

In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed.

By combining the clear and wake operations into clear_and_wake_up_bit() to fix this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56756

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix freeing of the HMB descriptor table

The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent.

In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56750

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix blksize s_blocksize{,_bits} directly for file-backed mounts when the fs block size is smaller than PAGE_SIZE.

Previously, EROFS used sb_set_blocksize(), which caused a panic if bdev-backed mounts is not used.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56749

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

dlm: fix dlm_recover_members refcount on error

If dlm_recover_members() fails we don't drop the references of the previous created root_list that holds and keep all rsbs alive during the recovery. It might be not an unlikely event because ping_members() could run into an -EINTR if another recovery progress was triggered again.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56752

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()

When the call to gf100_grctx_generate() fails, unlock gr->fecs.mutex before returning the error.

Fixes smatch warning:

drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480 gf100_gr_chan_new() warn: inconsistent returns '&gr->fecs.mutex'.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56753

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module

This commit addresses an omission in the previous patch related to the cleaner shader support for GFX9 hardware. Specifically, it adds the necessary deinitialization code for the cleaner shader in the gfx_v9_0_sw_fini function.

The added line amdgpu_gfx_cleaner_shader_sw_fini(adev); ensures that any allocated resources for the cleaner shader are freed correctly, avoiding potential memory leaks and ensuring that the GPU state is clean for the next initialization sequence.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56754

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

crypto: caam - Fix the pointer passed to caam_qi_shutdown()

The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *".

Pass the correct parameter to devm_add_action_or_reset() so that the resources are released as expected.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-56747

Publication date:
29/12/2024
In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

Hook "qedi_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025