Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-20625
Publication date:
23/02/2022
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-0476
Publication date:
23/02/2022
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-0727
Publication date:
23/02/2022
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022

CVE-2022-0729
Publication date:
23/02/2022
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-0726
Publication date:
23/02/2022
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2023

CVE-2022-0724
Publication date:
23/02/2022
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022

CVE-2022-0721
Publication date:
23/02/2022
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022

CVE-2022-0719
Publication date:
23/02/2022
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022

CVE-2022-0736
Publication date:
23/02/2022
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2022-0717
Publication date:
23/02/2022
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022

CVE-2022-0654
Publication date:
23/02/2022
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022

CVE-2022-23612
Publication date:
22/02/2022
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2022
Subscribe to Vulnerabilities