Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-2036

Publication date:
09/06/2022
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-2014

Publication date:
09/06/2022
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-2026

Publication date:
09/06/2022
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-2015

Publication date:
09/06/2022
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-2037

Publication date:
09/06/2022
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-2027

Publication date:
09/06/2022
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-30556

Publication date:
09/06/2022
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-30522

Publication date:
09/06/2022
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-29404

Publication date:
09/06/2022
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-26377

Publication date:
09/06/2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-28614

Publication date:
09/06/2022
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-26364

Publication date:
09/06/2022
x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page are safe.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023