Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-0480

Publication date:

29/08/2022

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2023

CVE-2022-0644

Publication date:

29/08/2022

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2022-0358

Publication date:

29/08/2022

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2022-0812

Publication date:

29/08/2022

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.

Severity CVSS v4.0: Pending analysis

Last modification:

27/04/2023

CVE-2022-0485

Publication date:

29/08/2022

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

Severity CVSS v4.0: Pending analysis

Last modification:

01/12/2022

CVE-2022-0850

Publication date:

29/08/2022

A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.

Severity CVSS v4.0: Pending analysis

Last modification:

05/10/2023

CVE-2022-0336

Publication date:

29/08/2022

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2023

CVE-2022-0718

Publication date:

29/08/2022

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2023

CVE-2022-0284

Publication date:

29/08/2022

A heap-based-buffer-over-read flaw was found in ImageMagick&#39;s GetPixelAlpha() function of &#39;pixel-accessor.h&#39;. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2022

CVE-2022-0400

Publication date:

29/08/2022

An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2022

CVE-2022-0496

Publication date:

29/08/2022

A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2022