Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-44556
Publication date:
08/11/2022
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2021-40303
Publication date:
08/11/2022
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44319
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44317
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44318
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44316
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44320
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44321
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-41757
Publication date:
08/11/2022
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-43343
Publication date:
08/11/2022
N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44311
Publication date:
08/11/2022
html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2022-44312
Publication date:
08/11/2022
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025
Subscribe to Vulnerabilities