Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-23159
Publication date:
25/08/2022
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2021-23172
Publication date:
25/08/2022
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2020-27797
Publication date:
25/08/2022
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27798
Publication date:
25/08/2022
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27799
Publication date:
25/08/2022
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27800
Publication date:
25/08/2022
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27801
Publication date:
25/08/2022
A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27802
Publication date:
25/08/2022
An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2020-27796
Publication date:
25/08/2022
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2021-20224
Publication date:
25/08/2022
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2023

CVE-2021-20223
Publication date:
25/08/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-36527
Publication date:
25/08/2022
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2022
Subscribe to Vulnerabilities