Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-1160
Publication date:
30/03/2022
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-27772
Publication date:
30/03/2022
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-24132
Publication date:
30/03/2022
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2022-24135
Publication date:
30/03/2022
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-28223
Publication date:
30/03/2022
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-22772
Publication date:
30/03/2022
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2021-44310
Publication date:
30/03/2022
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022

CVE-2021-44312
Publication date:
30/03/2022
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022

CVE-2022-23136
Publication date:
30/03/2022
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2022-27907
Publication date:
30/03/2022
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2022-22996
Publication date:
30/03/2022
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2021-3456
Publication date:
30/03/2022
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022
Subscribe to Vulnerabilities