Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-37898
Publication date:
12/12/2022
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2022-37899
Publication date:
12/12/2022
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2022-37901
Publication date:
12/12/2022
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2022-37904
Publication date:
12/12/2022
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2022-37905
Publication date:
12/12/2022
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2021-3942
Publication date:
12/12/2022
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2021-3437
Publication date:
12/12/2022
Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3661
Publication date:
12/12/2022
A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3821
Publication date:
12/12/2022
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-1038
Publication date:
12/12/2022
A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3919
Publication date:
12/12/2022
A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-46846
Publication date:
12/12/2022
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025
Subscribe to Vulnerabilities