Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-41080
Publication date:
11/11/2021
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-43573
Publication date:
11/11/2021
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2021

CVE-2021-40872
Publication date:
10/11/2021
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-40871
Publication date:
10/11/2021
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-40873
Publication date:
10/11/2021
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-33816
Publication date:
10/11/2021
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2022

CVE-2021-33618
Publication date:
10/11/2021
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2022

CVE-2020-23904
Publication date:
10/11/2021
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2020-23903
Publication date:
10/11/2021
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-23902
Publication date:
10/11/2021
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2021

CVE-2020-23901
Publication date:
10/11/2021
A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2021

CVE-2020-23900
Publication date:
10/11/2021
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2021
Subscribe to Vulnerabilities