Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-29945
Publication date:
29/04/2022
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-1543
Publication date:
29/04/2022
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-29936
Publication date:
29/04/2022
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-29937
Publication date:
29/04/2022
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-29934
Publication date:
29/04/2022
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-29935
Publication date:
29/04/2022
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-28480
Publication date:
29/04/2022
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2022

CVE-2022-29414
Publication date:
29/04/2022
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2022

CVE-2022-28994
Publication date:
29/04/2022
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2022

CVE-2022-29451
Publication date:
29/04/2022
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-1402
Publication date:
29/04/2022
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2022

CVE-2022-1403
Publication date:
29/04/2022
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2022
Subscribe to Vulnerabilities