Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-39729

Publication date:

16/03/2022

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A

Severity CVSS v4.0: Pending analysis

Last modification:

23/03/2022

CVE-2021-40737

Publication date:

16/03/2022

Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity CVSS v4.0: Pending analysis

Last modification:

22/03/2022

CVE-2021-39734

Publication date:

16/03/2022

In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-39792

Publication date:

16/03/2022

In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-40734

Publication date:

16/03/2022

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-40735

Publication date:

16/03/2022

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-40736

Publication date:

16/03/2022

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-40738

Publication date:

16/03/2022

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

26/06/2023

CVE-2021-40740

Publication date:

16/03/2022

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

26/06/2023

CVE-2021-40739

Publication date:

16/03/2022

Severity CVSS v4.0: Pending analysis

Last modification:

26/06/2023

CVE-2021-39707

Publication date:

16/03/2022

In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991

Severity CVSS v4.0: Pending analysis

Last modification:

23/03/2022

CVE-2021-39709

Publication date:

16/03/2022

In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-208817618

Severity CVSS v4.0: Pending analysis

Last modification:

23/03/2022

Subscribe to Vulnerabilities