Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-40142

Publication date:

27/08/2021

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

Severity CVSS v4.0: Pending analysis

Last modification:

03/09/2022

CVE-2021-39168

Publication date:

27/08/2021

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team&#39;s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2021

CVE-2021-39167

Publication date:

27/08/2021

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2021

CVE-2020-20675

Publication date:

26/08/2021

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/.

Severity CVSS v4.0: Pending analysis

Last modification:

27/08/2021

CVE-2021-39165

Publication date:

26/08/2021

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator&#39;s password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it&#39;s developing 2.4 branch is affected.

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2021

CVE-2021-29727

Publication date:

26/08/2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.

Severity CVSS v4.0: Pending analysis

Last modification:

13/09/2021

CVE-2021-37715

Publication date:

26/08/2021

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2021

CVE-2021-29801

Publication date:

26/08/2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2021

CVE-2021-29862

Publication date:

26/08/2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2021

CVE-2021-29772

Publication date:

26/08/2021

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2021

CVE-2021-39161

Publication date:

26/08/2021

Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse&#39;s default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse&#39;s default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.

Severity CVSS v4.0: Pending analysis

Last modification:

01/09/2021

CVE-2021-29715

Publication date:

26/08/2021

IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

Subscribe to Vulnerabilities