Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-37841

Publication date: 12/08/2021
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-38088

Publication date: 12/08/2021
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-38086

Publication date: 12/08/2021
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
Severity CVSS v4.0: Pending analysis
Last modification: 23/09/2021

CVE-2021-38087

Publication date: 12/08/2021
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2020-28165

Publication date: 12/08/2021
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function.
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2020-24576

Publication date: 12/08/2021
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2021-37222

Publication date: 12/08/2021
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2021-38593

Publication date: 12/08/2021
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
Severity CVSS v4.0: Pending analysis
Last modification: 03/02/2024

CVE-2021-38592

Publication date: 12/08/2021
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2021-38591

Publication date: 12/08/2021
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2021-37699

Publication date: 12/08/2021
Next.js is an open source website development framework to be used with the React library. In affected versions, specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users, although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.
Severity CVSS v4.0: Pending analysis
Last modification: 20/08/2021

CVE-2021-38587

Publication date: 11/08/2021
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022