Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-32493
Publication date:
24/06/2021
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2022

CVE-2021-32709
Publication date:
24/06/2021
Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-33004
Publication date:
24/06/2021
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2022

CVE-2020-18668
Publication date:
24/06/2021
Cross Site Scripting (XSS) vulnerabililty in WebPort
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-33002
Publication date:
24/06/2021
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-33000
Publication date:
24/06/2021
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-32708
Publication date:
24/06/2021
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-21574
Publication date:
24/06/2021
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2021

CVE-2020-18667
Publication date:
24/06/2021
SQL Injection vulnerability in WebPort
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-21571
Publication date:
24/06/2021
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2021-21573
Publication date:
24/06/2021
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2021

CVE-2021-21572
Publication date:
24/06/2021
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2021
Subscribe to Vulnerabilities