Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-20736
Publication date:
15/06/2022
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-20798
Publication date:
15/06/2022
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-20817
Publication date:
15/06/2022
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-20047
Publication date:
15/06/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected as out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-20046
Publication date:
15/06/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-20048
Publication date:
15/06/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-20050
Publication date:
15/06/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected due to lack of sufficient information on how to reproduce the vulnerability. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-20733
Publication date:
15/06/2022
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-20049
Publication date:
15/06/2022
A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-32301
Publication date:
15/06/2022
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2022

CVE-2022-32300
Publication date:
15/06/2022
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2022

CVE-2022-32299
Publication date:
15/06/2022
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2022
Subscribe to Vulnerabilities