Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-39630

Publication date:

14/01/2022

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-39678

Publication date:

14/01/2022

In of , there is a possible bypass of Factory Reset Protection due to . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-39684

Publication date:

14/01/2022

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-39633

Publication date:

14/01/2022

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2021-42067

Publication date:

14/01/2022

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2021-39626

Publication date:

14/01/2022

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497

Severity CVSS v4.0: Pending analysis

Last modification:

20/01/2022

CVE-2021-39620

Publication date:

14/01/2022

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-203847542

Severity CVSS v4.0: Pending analysis

Last modification:

15/01/2022

CVE-2021-23157

Publication date:

14/01/2022

WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2021-38126

Publication date:

14/01/2022

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-38127

Publication date:

14/01/2022

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-23567

Publication date:

14/01/2022

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers&#39; controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i

Severity CVSS v4.0: Pending analysis

Last modification:

21/01/2022