Vulnerabilities

With the aim of informing, warning and helping professionals about the latest security vulnerabilities in technology systems, we have made available to anyone interested a Spanish-language database that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database), by virtue of a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to their information sources, as well as to the patches or solutions made available by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-25721

Publication date:
16/03/2022
Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2023

CVE-2021-0957

Publication date:
16/03/2022
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-193149550
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-24751

Publication date:
16/03/2022
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2022-0986

Publication date:
16/03/2022
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2021-45787

Publication date:
16/03/2022
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2021-45786

Publication date:
16/03/2022
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2021-42552

Publication date:
16/03/2022
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2022-0705

Publication date:
16/03/2022
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2021-45851

Publication date:
16/03/2022
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022

CVE-2022-0704

Publication date:
16/03/2022
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2022

CVE-2021-45852

Publication date:
16/03/2022
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2022-21946

Publication date:
16/03/2022
An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and to access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2023