Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-2980
Publication date:
25/08/2022
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-2982
Publication date:
25/08/2022
Use After Free in GitHub repository vim/vim prior to 9.0.0260.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-35938
Publication date:
25/08/2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2022

CVE-2021-3929
Publication date:
25/08/2022
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2021-3914
Publication date:
25/08/2022
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
02/09/2022

CVE-2021-3979
Publication date:
25/08/2022
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-23159
Publication date:
25/08/2022
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2021-23172
Publication date:
25/08/2022
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2020-27797
Publication date:
25/08/2022
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27798
Publication date:
25/08/2022
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27799
Publication date:
25/08/2022
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27800
Publication date:
25/08/2022
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025
Subscribe to Vulnerabilities