Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-23427

Publication date:
11/02/2022
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2022

CVE-2022-23428

Publication date:
11/02/2022
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2022

CVE-2022-22291

Publication date:
11/02/2022
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2022

CVE-2022-22292

Publication date:
11/02/2022
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2022

CVE-2022-23425

Publication date:
11/02/2022
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2022

CVE-2022-23707

Publication date:
11/02/2022
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2022

CVE-2022-23995

Publication date:
11/02/2022
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2022

CVE-2022-0561

Publication date:
11/02/2022
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-0562

Publication date:
11/02/2022
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-4035

Publication date:
11/02/2022
A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2023

CVE-2022-0382

Publication date:
11/02/2022
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2022

CVE-2022-0185

Publication date:
11/02/2022
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2025