Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-4131

Publication date:
11/10/2024
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2024

CVE-2024-5474

Publication date:
11/10/2024
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-6985

Publication date:
11/10/2024
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-8376

Publication date:
11/10/2024
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Severity CVSS v4.0: HIGH
Last modification:
15/11/2024

CVE-2024-47509

Publication date:
11/10/2024
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.<br /> <br /> GUID exhaustion will trigger a syslog message like one of the following:<br /> <br /> evo-pfemand[]: get_next_guid: Ran out of Guid Space ...<br /> evo-aftmand-zx[]: get_next_guid: Ran out of Guid Space ...<br /> The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:<br /> <br /> <br /> <br /> <br /> <br /> user@host&gt; show platform application-info allocations app evo-pfemand/evo-pfemand<br /> <br /> <br /> <br /> In case one or more of these values are constantly increasing the leak is happening.<br /> <br /> This issue affects Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions before 21.4R2-EVO,<br /> * 22.1 versions before 22.1R2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508.
Severity CVSS v4.0: HIGH
Last modification:
15/10/2024

CVE-2024-48813

Publication date:
11/10/2024
SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-48827

Publication date:
11/10/2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-4130

Publication date:
11/10/2024
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2024

CVE-2024-4089

Publication date:
11/10/2024
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2024

CVE-2024-47505

Publication date:
11/10/2024
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.<br /> <br /> GUID exhaustion will trigger a syslog message like one of the following:<br /> <br /> evo-pfemand[]: get_next_guid: Ran out of Guid Space ...<br /> evo-aftmand-zx[]: get_next_guid: Ran out of Guid Space ...<br /> The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:<br /> <br /> <br /> <br /> <br /> <br /> user@host&gt; show platform application-info allocations app evo-pfemand/evo-pfemand<br /> <br /> <br /> <br /> In case one or more of these values are constantly increasing the leak is happening.<br /> <br /> This issue affects Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions before 21.4R3-S7-EVO,<br /> * 22.1 versions before 22.1R3-S6-EVO,<br /> * 22.2 versions before 22.2R3-EVO, <br /> <br /> * 22.3 versions before 22.3R3-EVO,<br /> * 22.4 versions before 22.4R2-EVO.<br /> <br /> <br /> <br /> Please note that this issue is similar to, but different from CVE-2024-47508 and CVE-2024-47509.
Severity CVSS v4.0: HIGH
Last modification:
15/10/2024

CVE-2024-47506

Publication date:
11/10/2024
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs, depends on system internal timing that is outside the attackers control.<br /> <br /> <br /> <br /> This issue affects Junos OS on SRX Series:<br /> <br /> <br /> <br /> * All versions before 21.3R3-S1,<br /> * 21.4 versions before 21.4R3,<br /> * 22.1 versions before 22.1R2,<br /> * 22.2 versions before 22.2R1-S2, 22.2R2.
Severity CVSS v4.0: HIGH
Last modification:
15/10/2024

CVE-2024-47507

Publication date:
11/10/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.<br /> <br /> When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.<br /> <br /> <br /> <br /> This issue affects:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions before 21.4R3-S6,<br /> * 22.2 versions before 22.2R3-S3,<br /> * 22.4 versions before 22.4R3; <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 21.4R3-S7-EVO,<br /> * 22.2 versions before 22.2R3-S4-EVO,<br /> * 22.4 versions before 22.4R3-EVO.
Severity CVSS v4.0: MEDIUM
Last modification:
15/10/2024