Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-49063

Publication date: 12/12/2024
Microsoft/Muzic Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 08/01/2025

CVE-2024-49064

Publication date: 12/12/2024
Microsoft SharePoint Information Disclosure Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 08/01/2025

CVE-2024-49065

Publication date: 12/12/2024
Microsoft Office Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 08/01/2025

CVE-2024-49068

Publication date: 12/12/2024
Microsoft SharePoint Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 08/01/2025

CVE-2024-49069

Publication date: 12/12/2024
Microsoft Excel Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 08/01/2025

CVE-2024-49057

Publication date: 12/12/2024
Microsoft Defender for Endpoint on Android Spoofing Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification: 08/01/2025

CVE-2024-47834

Publication date: 12/12/2024
GStreamer is a library for constructing graphs of media-handling components. A use-after-free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
Severity CVSS v4.0: MEDIUM
Last modification: 18/12/2024

CVE-2024-47835

Publication date: 12/12/2024
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
Severity CVSS v4.0: MEDIUM
Last modification: 18/12/2024

CVE-2024-47776

Publication date: 12/12/2024
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size
Severity CVSS v4.0: MEDIUM
Last modification: 18/12/2024

CVE-2024-47778

Publication date: 12/12/2024
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
Severity CVSS v4.0: MEDIUM
Last modification: 18/12/2024

CVE-2024-47777

Publication date: 12/12/2024
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.
Severity CVSS v4.0: MEDIUM
Last modification: 18/12/2024

CVE-2024-47774

Publication date: 12/12/2024
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, a condition does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such a scenario, the function attempts to access memory beyond the buffer, leading to an OOB-read. This vulnerability is fixed in 1.24.10.
Severity CVSS v4.0: MEDIUM
Last modification: 18/12/2024