Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-44546
Publication date:
09/11/2022
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-43058
Publication date:
09/11/2022
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-43031
Publication date:
09/11/2022
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-43310
Publication date:
09/11/2022
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31687
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31688
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31689
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31685
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31686
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-27674
Publication date:
09/11/2022
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-29836
Publication date:
09/11/2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2022

CVE-2022-27673
Publication date:
09/11/2022
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025
Subscribe to Vulnerabilities