Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-0552

Publication date:

11/04/2022

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2023

CVE-2022-0835

Publication date:

11/04/2022

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

Severity CVSS v4.0: Pending analysis

Last modification:

18/04/2022

CVE-2022-0999

Publication date:

11/04/2022

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.

Severity CVSS v4.0: Pending analysis

Last modification:

18/04/2022

CVE-2022-1067

Publication date:

11/04/2022

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.

Severity CVSS v4.0: Pending analysis

Last modification:

18/04/2022

CVE-2021-4047

Publication date:

11/04/2022

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2023

CVE-2021-46742

Publication date:

11/04/2022

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-22055

Publication date:

11/04/2022

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

Severity CVSS v4.0: Pending analysis

Last modification:

18/04/2022