Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-44559
Publication date:
09/11/2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44558
Publication date:
09/11/2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44557
Publication date:
09/11/2022
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44555
Publication date:
09/11/2022
The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44554
Publication date:
09/11/2022
The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44553
Publication date:
09/11/2022
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44552
Publication date:
09/11/2022
The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44551
Publication date:
09/11/2022
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44560
Publication date:
09/11/2022
The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44561
Publication date:
09/11/2022
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44549
Publication date:
09/11/2022
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44550
Publication date:
09/11/2022
The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025
Subscribe to Vulnerabilities