Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-28166
Publication date:
27/06/2022
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-28167
Publication date:
27/06/2022
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-33654
Publication date:
27/06/2022
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022

CVE-2022-2140
Publication date:
27/06/2022
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2022

CVE-2022-2088
Publication date:
27/06/2022
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2022-2106
Publication date:
27/06/2022
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2021-33647
Publication date:
27/06/2022
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022

CVE-2021-33648
Publication date:
27/06/2022
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022

CVE-2021-33649
Publication date:
27/06/2022
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022

CVE-2021-33650
Publication date:
27/06/2022
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022

CVE-2021-33653
Publication date:
27/06/2022
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022

CVE-2021-33652
Publication date:
27/06/2022
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2022
Subscribe to Vulnerabilities