Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-45019
Publication date:
11/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: Take state lock during tx timeout reporter<br /> <br /> mlx5e_safe_reopen_channels() requires the state lock taken. The<br /> referenced changed in the Fixes tag removed the lock to fix another<br /> issue. This patch adds it back but at a later point (when calling<br /> mlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the<br /> Fixes tag.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-39378
Publication date:
11/09/2024
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-4465
Publication date:
11/09/2024
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges.<br /> <br /> <br /> <br /> If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2024-8306
Publication date:
11/09/2024
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized<br /> access, loss of confidentiality, integrity and availability of the workstation when non-admin<br /> authenticated user tries to perform privilege escalation by tampering with the binaries.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-43793
Publication date:
11/09/2024
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user&amp;#39;s browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2024-8638
Publication date:
11/09/2024
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-8639
Publication date:
11/09/2024
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-8642
Publication date:
11/09/2024
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-8646
Publication date:
11/09/2024
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.<br /> This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.<br /> This vulnerability only affects applications that are explicitly deployed to the root context (&amp;#39;/&amp;#39;).
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-7805
Publication date:
11/09/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-27114
Publication date:
11/09/2024
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-27115
Publication date:
11/09/2024
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024
Subscribe to Vulnerabilities