Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-43545

Publication date:

08/12/2021

Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-44529

Publication date:

08/12/2021

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2021-43534

Publication date:

08/12/2021

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

17/03/2022

CVE-2021-43535

Publication date:

08/12/2021

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

17/03/2022

CVE-2021-43527

Publication date:

08/12/2021

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS

Severity CVSS v4.0: Pending analysis

Last modification:

23/02/2023

CVE-2021-43528

Publication date:

08/12/2021

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-38508

Publication date:

08/12/2021

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-43542

Publication date:

08/12/2021

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-43538

Publication date:

08/12/2021

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-43539

Publication date:

08/12/2021

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-43541

Publication date:

08/12/2021

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

09/12/2022

CVE-2021-43540

Publication date:

08/12/2021

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

Subscribe to Vulnerabilities