Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-26391
Publication date:
09/11/2022
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2021-26392
Publication date:
09/11/2022
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2021-26393
Publication date:
09/11/2022
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2021-46851
Publication date:
09/11/2022
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2020-12931
Publication date:
09/11/2022
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2024

CVE-2021-26360
Publication date:
09/11/2022
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2020-12930
Publication date:
09/11/2022
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2024

CVE-2022-42965
Publication date:
09/11/2022
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2022-42966
Publication date:
09/11/2022
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2022-42964
Publication date:
09/11/2022
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2022-3449
Publication date:
09/11/2022
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024

CVE-2022-3450
Publication date:
09/11/2022
Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2024
Subscribe to Vulnerabilities