Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-30532
Publication date:
19/07/2022
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022

CVE-2022-30526
Publication date:
19/07/2022
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2022

CVE-2022-2030
Publication date:
19/07/2022
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2022

CVE-2022-34643
Publication date:
18/07/2022
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34642
Publication date:
18/07/2022
The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34640
Publication date:
18/07/2022
The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34641
Publication date:
18/07/2022
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2023

CVE-2022-34636
Publication date:
18/07/2022
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address translation.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34635
Publication date:
18/07/2022
The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34634
Publication date:
18/07/2022
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34633
Publication date:
18/07/2022
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022

CVE-2022-34637
Publication date:
18/07/2022
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2022
Subscribe to Vulnerabilities