Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-2817
Publication date:
15/08/2022
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-38357
Publication date:
15/08/2022
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2022

CVE-2022-38358
Publication date:
15/08/2022
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2022

CVE-2022-38359
Publication date:
15/08/2022
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https:///module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2022

CVE-2022-28756
Publication date:
15/08/2022
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2022

CVE-2022-38368
Publication date:
15/08/2022
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2022

CVE-2022-2816
Publication date:
15/08/2022
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-38191
Publication date:
15/08/2022
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2022-38190
Publication date:
15/08/2022
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2022

CVE-2022-38188
Publication date:
15/08/2022
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2022

CVE-2022-35822
Publication date:
15/08/2022
Windows Defender Credential Guard Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2023

CVE-2022-38186
Publication date:
15/08/2022
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities