Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-22563
Publication date:
08/04/2022
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.
Severity CVSS v4.0: Pending analysis
Last modification:
14/04/2022

CVE-2022-24819
Publication date:
08/04/2022
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2022-24820
Publication date:
08/04/2022
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2022-24821
Publication date:
08/04/2022
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2021-43498
Publication date:
08/04/2022
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2022-1284
Publication date:
08/04/2022
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2022-1283
Publication date:
08/04/2022
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2022-27152
Publication date:
08/04/2022
Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2023

CVE-2021-43503
Publication date:
08/04/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-43515
Publication date:
08/04/2022
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.
Severity CVSS v4.0: Pending analysis
Last modification:
14/04/2022

CVE-2021-43517
Publication date:
08/04/2022
FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2020-4668
Publication date:
08/04/2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.
Severity CVSS v4.0: Pending analysis
Last modification:
14/04/2022
Subscribe to Vulnerabilities