Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-25048
Publication date:
01/07/2021
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2021

CVE-2018-25017
Publication date:
01/07/2021
RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36405
Publication date:
01/07/2021
Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36404
Publication date:
01/07/2021
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl::~SmallVectorImpl.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36402
Publication date:
01/07/2021
Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36401
Publication date:
01/07/2021
mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2019-25049
Publication date:
01/07/2021
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2021

CVE-2021-28804
Publication date:
01/07/2021
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2021

CVE-2020-36194
Publication date:
01/07/2021
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36196
Publication date:
01/07/2021
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-28802
Publication date:
01/07/2021
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-28803
Publication date:
01/07/2021
This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2021
Subscribe to Vulnerabilities