Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion, this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-35135

Publication date:
02/09/2022
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-44718

Publication date:
02/09/2022
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-35122

Publication date:
02/09/2022
Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2022-22097

Publication date:
02/09/2022
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2022

CVE-2022-22099

Publication date:
02/09/2022
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2022

CVE-2021-35108

Publication date:
02/09/2022
Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2023

CVE-2021-35109

Publication date:
02/09/2022
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2023

CVE-2021-35113

Publication date:
02/09/2022
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-35097

Publication date:
02/09/2022
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2022-38054

Publication date:
02/09/2022
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2022

CVE-2022-25371

Publication date:
02/09/2022
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2022-38170

Publication date:
02/09/2022
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023