Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-36130
Publication date:
02/12/2021
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2020-36131
Publication date:
02/12/2021
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2020-36133
Publication date:
02/12/2021
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2020-36135
Publication date:
02/12/2021
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2020-36134
Publication date:
02/12/2021
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2021-28236
Publication date:
02/12/2021
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2021

CVE-2021-28237
Publication date:
02/12/2021
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2021

CVE-2020-36129
Publication date:
02/12/2021
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2021-43327
Publication date:
02/12/2021
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-44050
Publication date:
02/12/2021
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2021

CVE-2021-40333
Publication date:
02/12/2021
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2021

CVE-2021-40334
Publication date:
02/12/2021
Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2021
Subscribe to Vulnerabilities