Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-43062
Publication date:
02/02/2022
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2022

CVE-2021-36177
Publication date:
02/02/2022
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-41016
Publication date:
02/02/2022
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2022-24301
Publication date:
02/02/2022
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2022

CVE-2022-24300
Publication date:
02/02/2022
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-42638
Publication date:
01/02/2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2022

CVE-2022-24198
Publication date:
01/02/2022
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-24196
Publication date:
01/02/2022
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2022-24197
Publication date:
01/02/2022
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2022-24220
Publication date:
01/02/2022
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2022

CVE-2022-24219
Publication date:
01/02/2022
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2022

CVE-2022-24221
Publication date:
01/02/2022
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2022
Subscribe to Vulnerabilities