Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-19669
Publication date:
18/08/2021
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2021

CVE-2021-39270
Publication date:
18/08/2021
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-25926
Publication date:
18/08/2021
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2021

CVE-2020-25927
Publication date:
18/08/2021
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2021

CVE-2020-25767
Publication date:
18/08/2021
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2021

CVE-2021-39286
Publication date:
18/08/2021
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2021

CVE-2021-37617
Publication date:
18/08/2021
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2020-22120
Publication date:
18/08/2021
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2022

CVE-2020-22124
Publication date:
18/08/2021
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2021

CVE-2020-22122
Publication date:
18/08/2021
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2021

CVE-2021-39282
Publication date:
18/08/2021
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-39283
Publication date:
18/08/2021
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities