Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-32171
Publication date:
06/10/2022
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-31252
Publication date:
06/10/2022
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2022

CVE-2022-2986
Publication date:
06/10/2022
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2022

CVE-2022-31008
Publication date:
06/10/2022
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2022-2975
Publication date:
06/10/2022
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2022

CVE-2022-2781
Publication date:
06/10/2022
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-2783
Publication date:
06/10/2022
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-2637
Publication date:
06/10/2022
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-26240
Publication date:
06/10/2022
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2022

CVE-2022-26239
Publication date:
06/10/2022
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2022

CVE-2022-26235
Publication date:
06/10/2022
A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2022

CVE-2022-26237
Publication date:
06/10/2022
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2022
Subscribe to Vulnerabilities