Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-27098
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-27096
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-2051
Publication date:
18/03/2024
<br /> CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that<br /> could cause account takeover and unauthorized access to the system when an attacker<br /> conducts brute-force attacks against the login form.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2024

CVE-2024-2052
Publication date:
18/03/2024
<br /> CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow<br /> unauthenticated files and logs exfiltration and download of files when an attacker modifies the<br /> URL to download to a different location.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2024

CVE-2024-2229
Publication date:
18/03/2024
<br /> CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code<br /> execution when a malicious project file is loaded into the application by a valid user.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2024

CVE-2024-2390
Publication date:
18/03/2024
<br /> As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2024

CVE-2024-2050
Publication date:
18/03/2024
<br /> CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)<br /> vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code<br /> within the context of the product.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2024

CVE-2024-20757
Publication date:
18/03/2024
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-27930
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-27937
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-20756
Publication date:
18/03/2024
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-20755
Publication date:
18/03/2024
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024
Subscribe to Vulnerabilities