Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-42052
Publication date:
16/08/2022
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022

CVE-2022-25799
Publication date:
16/08/2022
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2022

CVE-2022-38238
Publication date:
16/08/2022
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022

CVE-2022-38237
Publication date:
16/08/2022
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022

CVE-2022-38236
Publication date:
16/08/2022
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022

CVE-2022-38235
Publication date:
16/08/2022
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022

CVE-2022-37438
Publication date:
16/08/2022
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2023

CVE-2022-36150
Publication date:
16/08/2022
tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-36151
Publication date:
16/08/2022
tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-36152
Publication date:
16/08/2022
tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-36153
Publication date:
16/08/2022
tifig v0.2.2 was discovered to contain a segmentation violation via std::vector::size() const at /bits/stl_vector.h.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-38227
Publication date:
16/08/2022
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2022
Subscribe to Vulnerabilities