Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-33250
Publication date:
10/03/2023
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-33254
Publication date:
10/03/2023
Transient DOS due to reachable assertion in Modem while processing SIB1 Message.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-33256
Publication date:
10/03/2023
Memory corruption due to improper validation of array index in Multi-mode call processor.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-33257
Publication date:
10/03/2023
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-30996
Publication date:
10/03/2023
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-25694
Publication date:
10/03/2023
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-25709
Publication date:
10/03/2023
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-25655
Publication date:
10/03/2023
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2022-33245
Publication date:
10/03/2023
Memory corruption in WLAN due to use after free
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2021-27788
Publication date:
10/03/2023
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.  By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim&amp;#39;s web browser to perform operations as the victim and/or steal the victim&amp;#39;s cookies, session tokens, or other sensitive information.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2020-5002
Publication date:
10/03/2023
IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-20929
Publication date:
10/03/2023
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.<br /> This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024
Subscribe to Vulnerabilities