Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-46756
Publication date:
09/05/2023
Insufficient validation of inputs in<br /> SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an<br /> attacker with a malicious Uapp or ABL to send malformed or invalid syscall to<br /> the bootloader resulting in a potential denial of service and loss of<br /> integrity.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46773
Publication date:
09/05/2023
Insufficient input validation in ABL may enable<br /> a privileged attacker to corrupt ASP memory, potentially resulting in a loss of<br /> integrity or code execution.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46792
Publication date:
09/05/2023
Time-of-check Time-of-use (TOCTOU) in the<br /> BIOS2PSP command may allow an attacker with a malicious BIOS to create a race<br /> condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon<br /> an S3 resume event potentially leading to a denial of service.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46794
Publication date:
09/05/2023
Insufficient bounds checking in ASP (AMD Secure<br /> Processor) may allow for an out of bounds read in SMI (System Management<br /> Interface) mailbox checksum calculation triggering a data abort, resulting in a<br /> potential denial of service.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46762
Publication date:
09/05/2023
Insufficient input validation in the SMU may<br /> allow an attacker to corrupt SMU SRAM potentially leading to a loss of<br /> integrity or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2024

CVE-2021-46753
Publication date:
09/05/2023
Failure to validate the length fields of the ASP<br /> (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a<br /> malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite<br /> data structures leading to a potential loss of confidentiality and integrity.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46763
Publication date:
09/05/2023
Insufficient input validation in the SMU may<br /> enable a privileged attacker to write beyond the intended bounds of a shared<br /> memory buffer potentially leading to a loss of integrity.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46764
Publication date:
09/05/2023
Improper validation of DRAM addresses in SMU may<br /> allow an attacker to overwrite sensitive memory locations within the ASP<br /> potentially resulting in a denial of service.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46769
Publication date:
09/05/2023
Insufficient syscall input validation in the ASP<br /> Bootloader may allow a privileged attacker to execute arbitrary DMA copies,<br /> which can lead to code execution. <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2021-46775
Publication date:
09/05/2023
Improper input validation in ABL may enable an<br /> attacker with physical access, to perform arbitrary memory overwrites,<br /> potentially leading to a loss of integrity and code execution.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2022-23818
Publication date:
09/05/2023
Insufficient input validation on the model<br /> specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest<br /> memory integrity.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2023-20520
Publication date:
09/05/2023
Improper access control settings in ASP<br /> Bootloader may allow an attacker to corrupt the return address causing a<br /> stack-based buffer overrun potentially leading to arbitrary code execution.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025
Subscribe to Vulnerabilities