Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-44551

Publication date: 09/11/2022
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-44560

Publication date: 09/11/2022
The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-44561

Publication date: 09/11/2022
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-44549

Publication date: 09/11/2022
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-44550

Publication date: 09/11/2022
The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-44562

Publication date: 09/11/2022
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-44546

Publication date: 09/11/2022
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-43058

Publication date: 09/11/2022
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-43031

Publication date: 09/11/2022
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-43310

Publication date: 09/11/2022
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-31687

Publication date: 09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025

CVE-2022-31688

Publication date: 09/11/2022
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
Severity CVSS v4.0: Pending analysis
Last modification: 01/05/2025