Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-23608
Publication date:
22/02/2022
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2022-0713
Publication date:
22/02/2022
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-46699
Publication date:
22/02/2022
A vulnerability has been identified in Simcenter Femap (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2022-0712
Publication date:
22/02/2022
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-46162
Publication date:
22/02/2022
A vulnerability has been identified in Simcenter Femap (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2022-0665
Publication date:
22/02/2022
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2022

CVE-2022-0676
Publication date:
22/02/2022
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-24564
Publication date:
21/02/2022
Checkmk
Severity CVSS v4.0: Pending analysis
Last modification:
23/07/2024

CVE-2021-4115
Publication date:
21/02/2022
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-44573
Publication date:
21/02/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-44574
Publication date:
21/02/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-44575
Publication date:
21/02/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities