Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-28793
Publication date:
03/05/2022
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28786
Publication date:
03/05/2022
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28787
Publication date:
03/05/2022
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28788
Publication date:
03/05/2022
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28789
Publication date:
03/05/2022
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28790
Publication date:
03/05/2022
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28792
Publication date:
03/05/2022
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28791
Publication date:
03/05/2022
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-27330
Publication date:
03/05/2022
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28780
Publication date:
03/05/2022
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28781
Publication date:
03/05/2022
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2022-28783
Publication date:
03/05/2022
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022
Subscribe to Vulnerabilities