Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-36193
Publication date:
02/02/2022
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2026

CVE-2021-42753
Publication date:
02/02/2022
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2022

CVE-2021-43073
Publication date:
02/02/2022
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2022

CVE-2021-43062
Publication date:
02/02/2022
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2022

CVE-2021-36177
Publication date:
02/02/2022
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-41016
Publication date:
02/02/2022
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2022-24301
Publication date:
02/02/2022
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2022

CVE-2022-24300
Publication date:
02/02/2022
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-42638
Publication date:
01/02/2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2022

CVE-2022-24198
Publication date:
01/02/2022
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-24196
Publication date:
01/02/2022
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2022-24197
Publication date:
01/02/2022
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023
Subscribe to Vulnerabilities