Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-36780

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

i2c: sprd: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on return in sprd_i2c_master_xfer() and sprd_i2c_remove().

However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2020-36781

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: fix reference leak when pm_runtime_get_sync fails

In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not expected to be incremented on return.

However, pm_runtime_get_sync will increment pm reference count even when it fails. Forgetting the put operation will result in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2020-36782

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable.

However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2020-36783

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

i2c: img-scb: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on return in functions img_i2c_xfer and img_i2c_init.

However, pm_runtime_get_sync will increment the PM reference count even when it fails. Forgetting the put operation will result in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2020-36784

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

i2c: cadence: fix reference leak when pm_runtime_get_sync fails

The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave.

However, pm_runtime_get_sync will increment pm usage counter even when it fails. Forgetting the put operation will result in a reference leak here.

Replace it with pm_runtime_resume_and_get to keep usage counter balanced.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2020-36785

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()

The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2020-36786

Publication date:
28/02/2024
In the Linux kernel, the following vulnerability has been resolved:

media: [next] staging: media: atomisp: fix memory leak of object flash

In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an error return path that will free flash and rename labels fail2 to fail3 and fail1 to fail2.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2024-1943

Publication date:
28/02/2024
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2024-27913

Publication date:
28/02/2024
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2025

CVE-2024-1568

Publication date:
28/02/2024
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2024-1388

Publication date:
28/02/2024
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2024-22723

Publication date:
28/02/2024
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025