Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with criteria such as vulnerability type, manufacturer and impact level, among others, to narrow down the results.

You can be informed daily, through RSS feeds or newsletters, about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-22048

Publication date: 02/06/2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
Severity CVSS v4.0: Pending analysis
Last modification: 30/11/2021

CVE-2020-22046

Publication date: 02/06/2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
Severity CVSS v4.0: Pending analysis
Last modification: 30/11/2021

CVE-2021-25288

Publication date: 02/06/2021
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2021-25287

Publication date: 02/06/2021
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2021-3468

Publication date: 02/06/2021
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
Severity CVSS v4.0: Pending analysis
Last modification: 22/06/2023

CVE-2021-31855

Publication date: 02/06/2021
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.
Severity CVSS v4.0: Pending analysis
Last modification: 08/11/2023

CVE-2009-0947

Publication date: 02/06/2021
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2009-0948

Publication date: 02/06/2021
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2021-3530

Publication date: 02/06/2021
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Severity CVSS v4.0: Pending analysis
Last modification: 28/09/2022

CVE-2021-26707

Publication date: 02/06/2021
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
Severity CVSS v4.0: Pending analysis
Last modification: 02/12/2022

CVE-2019-12067

Publication date: 02/06/2021
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
Severity CVSS v4.0: Pending analysis
Last modification: 13/05/2022

CVE-2021-28675

Publication date: 02/06/2021
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023