Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-31689
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31685
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-31686
Publication date:
09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-27674
Publication date:
09/11/2022
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-29836
Publication date:
09/11/2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2022

CVE-2022-27673
Publication date:
09/11/2022
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-23831
Publication date:
09/11/2022
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2021-46852
Publication date:
09/11/2022
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-23824
Publication date:
09/11/2022
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2024

CVE-2021-26391
Publication date:
09/11/2022
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2021-26392
Publication date:
09/11/2022
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2021-26393
Publication date:
09/11/2022
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024
Subscribe to Vulnerabilities