Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-28163

Publication date: 06/05/2022
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
Severity CVSS v4.0: Pending analysis
Last modification: 13/05/2022

CVE-2022-28164

Publication date: 06/05/2022
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2023

CVE-2022-28005

Publication date: 06/05/2022
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-28970

Publication date: 06/05/2022
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification: 16/05/2022

CVE-2022-28971

Publication date: 06/05/2022
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification: 16/05/2022

CVE-2022-28969

Publication date: 06/05/2022
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification: 16/05/2022

CVE-2022-28972

Publication date: 06/05/2022
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification: 17/05/2022

CVE-2022-28973

Publication date: 06/05/2022
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification: 17/05/2022

CVE-2020-19212

Publication date: 06/05/2022
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
Severity CVSS v4.0: Pending analysis
Last modification: 13/05/2022

CVE-2020-19213

Publication date: 06/05/2022
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
Severity CVSS v4.0: Pending analysis
Last modification: 13/05/2022

CVE-2020-19215

Publication date: 06/05/2022
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
Severity CVSS v4.0: Pending analysis
Last modification: 13/05/2022

CVE-2020-19216

Publication date: 06/05/2022
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
Severity CVSS v4.0: Pending analysis
Last modification: 13/05/2022