Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-44854
Publication date:
26/12/2022
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-29853
Publication date:
26/12/2022
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2023

CVE-2022-29852
Publication date:
26/12/2022
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2023

CVE-2022-37310
Publication date:
26/12/2022
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2023

CVE-2022-37309
Publication date:
26/12/2022
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2023

CVE-2022-37308
Publication date:
26/12/2022
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2023

CVE-2022-37313
Publication date:
26/12/2022
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2023

CVE-2022-37307
Publication date:
26/12/2022
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2023

CVE-2022-31469
Publication date:
26/12/2022
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2023

CVE-2022-37311
Publication date:
26/12/2022
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-37312
Publication date:
26/12/2022
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-4741
Publication date:
25/12/2022
A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is 42bcff666855ab978e67a9041d0cdea552f20301. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024
Subscribe to Vulnerabilities