Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-3997

Publication date:
23/08/2022
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2023

CVE-2021-3917

Publication date:
23/08/2022
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2022

CVE-2020-35515

Publication date:
23/08/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-35516

Publication date:
23/08/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-31676

Publication date:
23/08/2022
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-38172

Publication date:
23/08/2022
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2022

CVE-2022-38463

Publication date:
23/08/2022
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2022

CVE-2022-1513

Publication date:
23/08/2022
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2023

CVE-2022-35115

Publication date:
23/08/2022
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2022

CVE-2022-37428

Publication date:
23/08/2022
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-38665

Publication date:
23/08/2022
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2023

CVE-2022-38664

Publication date:
23/08/2022
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2023