Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-38890
Publication date:
15/09/2022
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2022

CVE-2022-37861
Publication date:
15/09/2022
There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2022

CVE-2022-37201
Publication date:
15/09/2022
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-37264
Publication date:
15/09/2022
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-40636
Publication date:
15/09/2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-40637
Publication date:
15/09/2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-40639
Publication date:
15/09/2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17207.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-40638
Publication date:
15/09/2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-1798
Publication date:
15/09/2022
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/ is not accessible.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2022

CVE-2022-38600
Publication date:
15/09/2022
Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2022

CVE-2022-37262
Publication date:
15/09/2022
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-38855
Publication date:
15/09/2022
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2023
Subscribe to Vulnerabilities