Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-35715

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in peregrinethemes Bloglo, peregrinethemes Blogvi allows Stored XSS. This issue affects Bloglo: from n/a through 1.1.3; Blogvi: from n/a through 1.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-35718

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.5.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2024

CVE-2024-35708

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS. This issue affects Rife Free: from n/a through 2.4.19.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2024

CVE-2024-35709

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.5.4.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2024

CVE-2024-35710

Publication date:
08/06/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player. This issue affects Podlove Web Player: from n/a through 5.7.3.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2024

CVE-2024-35711

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS. This issue affects Event: from n/a through 1.2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2024

CVE-2024-35707

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS. This issue affects Heateor Social Login: from n/a through 1.1.32.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2024

CVE-2024-36967

Publication date:
08/06/2024
In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix memory leak in tpm2_key_encode()

'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2024

CVE-2024-36968

Publication date:
08/06/2024
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range.

Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid.
Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails.
Now hci_conn_add() returns ERR_PTR() as it can fail due to both a kzalloc failure and an invalid MTU value.

divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci0 hci_rx_work
RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547
Call Trace:
l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]
l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]
l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]
l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809
l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506
hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]
hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335
worker_thread+0x926/0xe70 kernel/workqueue.c:3416
kthread+0x2e3/0x380 kernel/kthread.c:388
ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Modules linked in:
---[ end trace 0000000000000000 ]---
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2024

CVE-2024-36969

Publication date:
08/06/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix division by zero in setup_dsc_config

When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero.

The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with an Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected.

kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)
kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu

After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2024

CVE-2024-36970

Publication date:
08/06/2024
In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: Use request_module_nowait

This appears to work around a deadlock regression that came in with the LED merge in 6.9.

The deadlock happens on my system with 24 iwlwifi radios, so maybe it is something like all worker threads are busy and some work that needs to complete cannot complete.

[also remove unnecessary "load_module" var and now-wrong comment]
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-37407

Publication date:
08/06/2024
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025