Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-24394

Publication date:
17/05/2022
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2022

CVE-2022-28186

Publication date:
17/05/2022
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2022

CVE-2022-28181

Publication date:
17/05/2022
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
Severity CVSS v4.0: Pending analysis
Last modification:
13/10/2023

CVE-2022-28182

Publication date:
17/05/2022
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2022

CVE-2022-28183

Publication date:
17/05/2022
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2023

CVE-2022-28184

Publication date:
17/05/2022
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2023

CVE-2022-28185

Publication date:
17/05/2022
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2023

CVE-2021-35249

Publication date:
17/05/2022
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2022

CVE-2022-24890

Publication date:
17/05/2022
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2022

CVE-2022-29429

Publication date:
17/05/2022
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin
Severity CVSS v4.0: Pending analysis
Last modification:
07/10/2022

CVE-2022-1735

Publication date:
17/05/2022
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2023

CVE-2022-23674

Publication date:
17/05/2022
A remote authenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
02/09/2022