Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, covering the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish by virtue of a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, since entries are added while the INCIBE team is still translating them. The CVE (Common Vulnerabilities and Exposures) standard for naming information security vulnerabilities is used to support the exchange of information between different tools and databases.

Every vulnerability collected is linked to its information sources, as well as to the patches or fixes made available by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily notice of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the most recent entries.

CVE-2021-39159

Publication date:
25/08/2021
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022
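The workaround named in this entry is to leave the git provider out of `BinderHub.repo_providers` (the fix is the update to 0.2.0-n653). The following is an added illustration of that setting and of what a launch request for the disabled prefix then gets; it is not BinderHub's or INCIBE's code. It assumes BinderHub's documented `/v2/<prefix>/<spec>` launch-URL layout and the default provider prefixes, and uses strings as stand-ins for the provider classes in `binderhub.repoproviders` so that it runs without BinderHub installed.

```python
"""Added illustration of the CVE-2021-39159 workaround (not BinderHub's own
code): drop the git provider from BinderHub.repo_providers and show what a
launch request for the disabled prefix then resolves to.

Assumptions: the default prefixes below follow BinderHub's documented
/v2/<prefix>/<spec> launch URLs, and the string values stand in for the
provider classes in binderhub.repoproviders so this runs stand-alone.
"""

# Default provider map, keyed by the URL prefix in /v2/<prefix>/<spec>.
# In a real binderhub_config.py the values are provider classes.
DEFAULT_REPO_PROVIDERS = {
    "gh": "GitHubRepoProvider",
    "gist": "GistRepoProvider",
    "git": "GitRepoProvider",        # the provider the advisory says to disable
    "gl": "GitLabRepoProvider",
    "zenodo": "ZenodoProvider",
    "figshare": "FigshareProvider",
    "hydroshare": "HydroshareProvider",
    "dataverse": "DataverseProvider",
}


def hardened_repo_providers(providers=None, disabled=("git",)):
    """Return a copy of the provider map without the disabled prefixes.

    In binderhub_config.py the equivalent is an explicit assignment that
    simply omits the "git" entry, for example:

        c.BinderHub.repo_providers = {
            "gh": GitHubRepoProvider,
            "gl": GitLabRepoProvider,
        }
    """
    if providers is None:
        providers = DEFAULT_REPO_PROVIDERS
    return {prefix: cls for prefix, cls in providers.items()
            if prefix not in disabled}


def resolve_provider(path, providers):
    """Map a launch path such as /v2/gh/owner/repo/main to (provider, spec).

    Returns None when the prefix is not configured, which is the effect of
    the workaround: a crafted /v2/git/... request no longer reaches
    GitRepoProvider, so its input never gets parsed.
    """
    parts = path.split("/", 3)              # ["", "v2", prefix, spec]
    if len(parts) != 4 or parts[0] != "" or parts[1] != "v2":
        return None
    prefix, spec = parts[2], parts[3]
    if prefix not in providers or not spec:
        return None
    return providers[prefix], spec


if __name__ == "__main__":
    providers = hardened_repo_providers()
    for p in ("/v2/gh/jupyterhub/binderhub/main",
              "/v2/git/https%3A%2F%2Fexample.invalid%2Frepo.git/HEAD"):
        print(p, "->", resolve_provider(p, providers))
```

Note that this only closes the git provider's input path; the other providers still accept user-controlled specs, so the workaround is a stopgap until the update is applied.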

CVE-2021-32975

Publication date:
25/08/2021
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
30/08/2021

CVE-2021-33015

Publication date:
25/08/2021
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
01/09/2021

CVE-2021-32995

Publication date:
25/08/2021
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2022
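The three Cscape entries above (CVE-2021-32975, CVE-2021-33015 and CVE-2021-32995) share one root cause: a field taken from an attacker-supplied project file drives a read or write outside a buffer. The following is an added illustration of that bug class in a constructed record format; it is not Cscape's file format or vendor code. The record layout (a length-prefixed name followed by a table index) is assumed for the example, and the unchecked parser is shown only for contrast beside the validated one and is never run on hostile input.

```c
/* Added illustration of unvalidated length/index fields in a file parser.
 * Constructed record layout (assumed for this example, not Cscape's format):
 *     u16 LE name_len | name bytes | u16 LE table_index
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX    32   /* destination buffer for the record name */
#define TABLE_SLOTS 8    /* destination table indexed by the record */

typedef struct {
    char     name[NAME_MAX];
    uint16_t table_index;
} record_t;

/* Little-endian u16 read; callers must already know 2 bytes are present. */
static uint16_t rd_u16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Unchecked shape (the bug class in the Cscape advisories). Every value is
 * used straight from the file:
 *   - name_len > NAME_MAX         -> memcpy writes past rec->name (OOB write)
 *   - name_len > remaining input  -> memcpy reads past buf       (OOB read)
 *   - table_index >= TABLE_SLOTS  -> write outside table         (OOB write)
 * Called only on benign input in this example. */
static int parse_record_unchecked(const uint8_t *buf, size_t len,
                                  record_t *rec, int *table)
{
    uint16_t name_len = rd_u16(buf);
    memcpy(rec->name, buf + 2, name_len);
    rec->table_index = rd_u16(buf + 2 + name_len);
    table[rec->table_index] = 1;
    (void)len;                 /* the input length is never consulted: that is the bug */
    return 0;
}

/* Validated shape: each field is checked against the remaining input and
 * against its destination before use. Returns 0 on success, -1 on malformed
 * input. */
static int parse_record_checked(const uint8_t *buf, size_t len,
                                record_t *rec, int *table)
{
    if (len < 2)
        return -1;                                   /* no room for name_len */
    uint16_t name_len = rd_u16(buf);
    if (name_len == 0 || name_len >= NAME_MAX)
        return -1;                                   /* must fit with a NUL */
    if (len - 2 < (size_t)name_len + 2)
        return -1;                                   /* name + table_index present? */
    memcpy(rec->name, buf + 2, name_len);
    rec->name[name_len] = '\0';
    uint16_t idx = rd_u16(buf + 2 + name_len);
    if (idx >= TABLE_SLOTS)
        return -1;                                   /* index inside the table */
    rec->table_index = idx;
    table[idx] = 1;
    return 0;
}

/* Constructed sample records (not taken from any real project file). */
static const uint8_t GOOD[]    = { 0x05, 0x00, 'M','a','i','n','1', 0x03, 0x00 };
static const uint8_t BAD_LEN[] = { 0xff, 0x7f, 'M','a','i','n','1', 0x03, 0x00 }; /* name_len 32767 */
static const uint8_t BAD_IDX[] = { 0x05, 0x00, 'M','a','i','n','1', 0xff, 0xff }; /* index 65535 */

/* Run the checked parser on a buffer; returns its status code. */
int parse_sample(const uint8_t *buf, size_t len)
{
    record_t rec;
    int table[TABLE_SLOTS] = { 0 };
    memset(&rec, 0, sizeof rec);   /* no uninitialized field can reach a write */
    return parse_record_checked(buf, len, &rec, table);
}

int parse_good(void)      { return parse_sample(GOOD, sizeof GOOD); }
int parse_bad_len(void)   { return parse_sample(BAD_LEN, sizeof BAD_LEN); }
int parse_bad_idx(void)   { return parse_sample(BAD_IDX, sizeof BAD_IDX); }
int parse_truncated(void) { return parse_sample(GOOD, 6); }  /* file cut mid-record */

int main(void)
{
    record_t rec;
    int table[TABLE_SLOTS] = { 0 };
    memset(&rec, 0, sizeof rec);
    parse_record_unchecked(GOOD, sizeof GOOD, &rec, table);  /* benign input only */
    printf("checked: good=%d bad_len=%d bad_idx=%d truncated=%d\n",
           parse_good(), parse_bad_len(), parse_bad_idx(), parse_truncated());
    return 0;
}
```

The pattern to take from the validated version is that every length is compared against both the bytes that remain in the input and the size of the destination, and every index against the size of the table it selects into, before any memory is touched.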

CVE-2021-22250

Publication date:
25/08/2021
Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-22244

Publication date:
25/08/2021
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-22243

Publication date:
25/08/2021
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2021

CVE-2021-22245

Publication date:
25/08/2021
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2021

CVE-2021-22247

Publication date:
25/08/2021
Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2021

CVE-2021-22256

Publication date:
25/08/2021
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2021

CVE-2021-31989

Publication date:
25/08/2021
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
Severity CVSS v4.0: Pending analysis
Last modification:
08/11/2024

CVE-2021-22236

Publication date:
25/08/2021
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2021