Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-23652
Publication date:
22/02/2022
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2022

CVE-2022-0714
Publication date:
22/02/2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-23654
Publication date:
22/02/2022
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2023

CVE-2022-23608
Publication date:
22/02/2022
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2022-0713
Publication date:
22/02/2022
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-46699
Publication date:
22/02/2022
A vulnerability has been identified in Simcenter Femap (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2022-0712
Publication date:
22/02/2022
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-46162
Publication date:
22/02/2022
A vulnerability has been identified in Simcenter Femap (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2022-0665
Publication date:
22/02/2022
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2022

CVE-2022-0676
Publication date:
22/02/2022
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-24564
Publication date:
21/02/2022
Checkmk
Severity CVSS v4.0: Pending analysis
Last modification:
23/07/2024

CVE-2021-4115
Publication date:
21/02/2022
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities