Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-40563
Publication date: 12/01/2022
A segmentation fault caused by a null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 27/05/2023

CVE-2021-37530
Publication date: 12/01/2022
A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
Severity CVSS v4.0: Pending analysis
Last modification: 19/01/2022

CVE-2021-37529
Publication date: 12/01/2022
A double-free vulnerability exists in fig2dev through 3.28a via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
Severity CVSS v4.0: Pending analysis
Last modification: 19/01/2022

CVE-2021-40559
Publication date: 12/01/2022
A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 27/05/2023

CVE-2022-20621
Publication date: 12/01/2022
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Severity CVSS v4.0: Pending analysis
Last modification: 30/11/2023

CVE-2022-23105
Publication date: 12/01/2022
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2022-23106
Publication date: 12/01/2022
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2022-23108
Publication date: 12/01/2022
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2022-23109
Publication date: 12/01/2022
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2022-23110
Publication date: 12/01/2022
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2022-23111
Publication date: 12/01/2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
Severity CVSS v4.0: Pending analysis
Last modification: 30/11/2023

CVE-2022-23112
Publication date: 12/01/2022
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
Severity CVSS v4.0: Pending analysis
Last modification: 30/11/2023