Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-30497

Publication date: 06/04/2022
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
Severity CVSS v4.0: Pending analysis
Last modification: 13/04/2022

CVE-2021-40375

Publication date: 06/04/2022
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This response can be read in an intercepting proxy or by viewing the page source. Sensitive information returned in responses includes patient PII and medication records or history.
Severity CVSS v4.0: Pending analysis
Last modification: 13/04/2022

CVE-2021-45104

Publication date: 06/04/2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2022-26110

Publication date: 06/04/2022
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
Severity CVSS v4.0: Pending analysis
Last modification: 03/09/2022

CVE-2022-26952

Publication date: 06/04/2022
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.
Severity CVSS v4.0: Pending analysis
Last modification: 12/04/2022

CVE-2022-26953

Publication date: 06/04/2022
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for the reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body.
Severity CVSS v4.0: Pending analysis
Last modification: 12/04/2022

CVE-2022-26251

Publication date: 06/04/2022
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 13/04/2022

CVE-2022-26250

Publication date: 06/04/2022
Synaman v5.1 and below was discovered to contain weak file permissions which allow authenticated attackers to escalate privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 13/04/2022

CVE-2021-45103

Publication date: 06/04/2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.
Severity CVSS v4.0: Pending analysis
Last modification: 13/04/2022

CVE-2022-27304

Publication date: 05/04/2022
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 19/09/2025

CVE-2022-27124

Publication date: 05/04/2022
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 22/04/2025

CVE-2022-27123

Publication date: 05/04/2022
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 12/04/2022