Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-40110
Publication date:
06/09/2022
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-43076
Publication date:
06/09/2022
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2022

CVE-2022-26114
Publication date:
06/09/2022
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-43080
Publication date:
06/09/2022
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2022-2714
Publication date:
06/09/2022
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2022

CVE-2022-2901
Publication date:
06/09/2022
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2022

CVE-2022-34883
Publication date:
06/09/2022
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2023

CVE-2022-34882
Publication date:
06/09/2022
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2023

CVE-2022-34747
Publication date:
06/09/2022
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2022-38367
Publication date:
05/09/2022
The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-28398
Publication date:
05/09/2022
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2022

CVE-2022-30331
Publication date:
05/09/2022
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor&amp;#39;s position is "GSQL was behaving as expected."
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024
Subscribe to Vulnerabilities