Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-6920
Publication date:
16/02/2022
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2020-6919
Publication date:
16/02/2022
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2020-6918
Publication date:
16/02/2022
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-39298
Publication date:
16/02/2022
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2026

CVE-2019-4352
Publication date:
16/02/2022
IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2022

CVE-2019-4351
Publication date:
16/02/2022
IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2022

CVE-2019-4291
Publication date:
16/02/2022
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2022

CVE-2020-6917
Publication date:
16/02/2022
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-26726
Publication date:
16/02/2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2021-45391
Publication date:
16/02/2022
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2022

CVE-2022-23358
Publication date:
16/02/2022
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2022

CVE-2022-0559
Publication date:
16/02/2022
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities