Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-20468
Publication date:
01/09/2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2022

CVE-2021-29823
Publication date:
01/09/2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2022

CVE-2022-2996
Publication date:
01/09/2022
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2022

CVE-2022-3061
Publication date:
01/09/2022
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2022

CVE-2022-36583
Publication date:
01/09/2022
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
07/09/2022

CVE-2021-45027
Publication date:
01/09/2022
An arbitrary file download vulnerability in Oliver v5 Library Server Versions
Severity CVSS v4.0: Pending analysis
Last modification:
07/09/2022

CVE-2020-35535
Publication date:
01/09/2022
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.
Severity CVSS v4.0: Pending analysis
Last modification:
07/09/2022

CVE-2020-35533
Publication date:
01/09/2022
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
Severity CVSS v4.0: Pending analysis
Last modification:
21/09/2022

CVE-2020-27784
Publication date:
01/09/2022
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2020-35525
Publication date:
01/09/2022
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2020-35527
Publication date:
01/09/2022
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2022

CVE-2020-35532
Publication date:
01/09/2022
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2022
Subscribe to Vulnerabilities