Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-4214

Publication date:

24/08/2022

A heap overflow flaw was found in libpngs&#39; pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

08/11/2022

CVE-2021-4217

Publication date:

24/08/2022

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

29/11/2022

CVE-2021-4218

Publication date:

24/08/2022

A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-4028

Publication date:

24/08/2022

A flaw in the Linux kernel&#39;s implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Severity CVSS v4.0: Pending analysis

Last modification:

10/02/2023

CVE-2021-3998

Publication date:

24/08/2022

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

Severity CVSS v4.0: Pending analysis

Last modification:

09/06/2025

CVE-2021-4142

Publication date:

24/08/2022

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-4158

Publication date:

24/08/2022

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Severity CVSS v4.0: Pending analysis

Last modification:

25/01/2024

CVE-2021-4213

Publication date:

24/08/2022

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

29/08/2022

CVE-2021-4155

Publication date:

24/08/2022

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Severity CVSS v4.0: Pending analysis

Last modification:

29/08/2022

CVE-2021-4122

Publication date:

24/08/2022

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.

Severity CVSS v4.0: Pending analysis

Last modification:

29/08/2022

CVE-2021-4041

Publication date:

24/08/2022

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host&#39;s shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.

Severity CVSS v4.0: Pending analysis

Last modification:

29/08/2022

CVE-2021-4040

Publication date:

24/08/2022

A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.

Severity CVSS v4.0: Pending analysis

Last modification:

29/08/2022

Subscribe to Vulnerabilities