Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-33158

Publication date: 30/07/2022
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.
Severity CVSS v4.0: Pending analysis
Last modification: 10/08/2022

CVE-2022-36336

Publication date: 30/07/2022
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
Severity CVSS v4.0: Pending analysis
Last modification: 09/08/2022

CVE-2022-34526

Publication date: 29/07/2022
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-34531

Publication date: 29/07/2022
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.
Severity CVSS v4.0: Pending analysis
Last modification: 05/08/2022

CVE-2022-34528

Publication date: 29/07/2022
D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.
Severity CVSS v4.0: Pending analysis
Last modification: 05/08/2022

CVE-2022-34496

Publication date: 29/07/2022
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.
Severity CVSS v4.0: Pending analysis
Last modification: 05/08/2022

CVE-2022-34527

Publication date: 29/07/2022
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2023

CVE-2022-22280

Publication date: 29/07/2022
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2022

CVE-2022-2324

Publication date: 29/07/2022
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions.
Severity CVSS v4.0: Pending analysis
Last modification: 31/10/2025

CVE-2022-36447

Publication date: 29/07/2022
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.
Severity CVSS v4.0: Pending analysis
Last modification: 10/08/2022

CVE-2022-2323

Publication date: 29/07/2022
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2022

CVE-2022-27864

Publication date: 29/07/2022
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2022