Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-29604

Publication date:
20/04/2023
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2022-24109

Publication date:
20/04/2023
An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2022-24035

Publication date:
20/04/2023
An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2021-38364

Publication date:
20/04/2023
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2021-38363

Publication date:
20/04/2023
An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-1767

Publication date:
20/04/2023
The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-2193

Publication date:
20/04/2023
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2023

CVE-2023-2112

Publication date:
20/04/2023
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2026

CVE-2023-0383

Publication date:
20/04/2023
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2026

CVE-2023-0384

Publication date:
20/04/2023
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2026

CVE-2023-28047

Publication date:
20/04/2023
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2023

CVE-2022-4942

Publication date:
20/04/2023
A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The patch is identified as 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024