Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-34483
Publication date:
22/12/2022
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34480
Publication date:
22/12/2022
Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34481
Publication date:
22/12/2022
In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34479
Publication date:
22/12/2022
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34477
Publication date:
22/12/2022
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34478
Publication date:
22/12/2022
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34476
Publication date:
22/12/2022
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34475
Publication date:
22/12/2022
SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34474
Publication date:
22/12/2022
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34473
Publication date:
22/12/2022
The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34472
Publication date:
22/12/2022
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-34470
Publication date:
22/12/2022
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025
Subscribe to Vulnerabilities