Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-41009
Publication date:
05/01/2023
Rejected reason: CVE was unused by HPE.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-41010
Publication date:
05/01/2023
Rejected reason: CVE was unused by HPE.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2014-125045
Publication date:
05/01/2023
A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The identifier of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2021-40341
Publication date:
05/01/2023
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects <br /> <br /> <br /> <br /> * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; <br /> * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.<br /> <br /> <br /> <br /> <br /> List of CPEs: <br /> * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-40342
Publication date:
05/01/2023
<br /> In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.<br /> <br /> <br /> <br /> <br /> <br /> This issue affects <br /> <br /> <br /> <br /> * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; <br /> * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.<br /> <br /> <br /> <br /> <br /> List of CPEs: <br /> * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*<br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-47543
Publication date:
05/01/2023
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025

CVE-2022-47544
Publication date:
05/01/2023
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025

CVE-2023-22455
Publication date:
05/01/2023
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch.
Severity CVSS v4.0: Pending analysis
Last modification:
11/01/2023

CVE-2014-125044
Publication date:
05/01/2023
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is named 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2017-20163
Publication date:
05/01/2023
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217516.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-46177
Publication date:
05/01/2023
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account&amp;#39;s primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours ` as needed.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2023

CVE-2023-22453
Publication date:
05/01/2023
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2023
Subscribe to Vulnerabilities