Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-36427
Publication date:
19/07/2021
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
Severity CVSS v4.0: Pending analysis
Last modification:
28/07/2021

CVE-2020-22650
Publication date:
19/07/2021
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2021-34675
Publication date:
19/07/2021
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2021-34676
Publication date:
19/07/2021
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2021-36799
Publication date:
19/07/2021
KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2020-36421
Publication date:
19/07/2021
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2025

CVE-2020-20230
Publication date:
19/07/2021
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-29780
Publication date:
19/07/2021
IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2021

CVE-2021-20507
Publication date:
19/07/2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2021

CVE-2020-5031
Publication date:
19/07/2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2021

CVE-2021-29707
Publication date:
19/07/2021
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-20109
Publication date:
19/07/2021
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022
Subscribe to Vulnerabilities