Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-23368

Publication date:
12/04/2021
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-23369

Publication date:
12/04/2021
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Severity CVSS v4.0: Pending analysis
Last modification:
08/06/2021

CVE-2021-23371

Publication date:
12/04/2021
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2021

CVE-2020-24285

Publication date:
12/04/2021
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2021

CVE-2021-29379

Publication date:
12/04/2021
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2015-20001

Publication date:
11/04/2021
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2021

CVE-2020-36318

Publication date:
11/04/2021
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This bug could result in a use-after-free or double free.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2021

CVE-2020-36317

Publication date:
11/04/2021
In the standard library in Rust before 1.49.0, the String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-28879

Publication date:
11/04/2021
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-28877

Publication date:
11/04/2021
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2022

CVE-2021-28878

Publication date:
11/04/2021
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-28875

Publication date:
11/04/2021
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2022