Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-32225
Publication date:
14/07/2022
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2022-28876
Publication date:
14/07/2022
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2022

CVE-2022-32212
Publication date:
14/07/2022
A OS Command Injection vulnerability exists in Node.js versions
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2023

CVE-2022-32222
Publication date:
14/07/2022
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2023

CVE-2022-2393
Publication date:
14/07/2022
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2022-32213
Publication date:
14/07/2022
The llhttp parser
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-32214
Publication date:
14/07/2022
The llhttp parser
Severity CVSS v4.0: Pending analysis
Last modification:
19/07/2023

CVE-2022-32215
Publication date:
14/07/2022
The llhttp parser
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-1662
Publication date:
14/07/2022
In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2020-14127
Publication date:
14/07/2022
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2022-30024
Publication date:
14/07/2022
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2022-28377
Publication date:
14/07/2022
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU).
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2022
Subscribe to Vulnerabilities