Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-22996

Publication date:
30/03/2022
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2021-3456

Publication date:
30/03/2022
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2022-23801

Publication date:
30/03/2022
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23800

Publication date:
30/03/2022
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23796

Publication date:
30/03/2022
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23798

Publication date:
30/03/2022
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23797

Publication date:
30/03/2022
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on a request could result in a possible SQL injection.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23799

Publication date:
30/03/2022
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23795

Publication date:
30/03/2022
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23793

Publication date:
30/03/2022
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-23794

Publication date:
30/03/2022
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of excessive length causes an error. This error brings up a screen with the path of the source code of the web application.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2021-39788

Publication date:
30/03/2022
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191768014
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022