Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-44486
Publication date:
15/04/2022
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44487
Publication date:
15/04/2022
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44489
Publication date:
15/04/2022
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44490
Publication date:
15/04/2022
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44491
Publication date:
15/04/2022
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44496
Publication date:
15/04/2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44497
Publication date:
15/04/2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-44488
Publication date:
15/04/2022
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-27849
Publication date:
15/04/2022
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin)
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2022

CVE-2021-36828
Publication date:
15/04/2022
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2022-27850
Publication date:
15/04/2022
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin)
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2022-27851
Publication date:
15/04/2022
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin)
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022
Subscribe to Vulnerabilities