Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-22767

Publication date:

11/06/2021

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276

Severity CVSS v4.0: Pending analysis

Last modification:

03/08/2024

CVE-2021-22768

Publication date:

11/06/2021

Severity CVSS v4.0: Pending analysis

Last modification:

03/08/2024

CVE-2021-22769

Publication date:

11/06/2021

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

Severity CVSS v4.0: Pending analysis

Last modification:

20/09/2021

CVE-2021-22895

Publication date:

11/06/2021

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.

Severity CVSS v4.0: Pending analysis

Last modification:

02/12/2021

CVE-2021-22897

Publication date:

11/06/2021

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

Severity CVSS v4.0: Pending analysis

Last modification:

30/08/2022

CVE-2021-22758

Publication date:

11/06/2021

A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2021

CVE-2021-22759

Publication date:

11/06/2021

A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2021

CVE-2021-22760

Publication date:

11/06/2021

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2021

CVE-2021-22761

Publication date:

11/06/2021

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2021

CVE-2021-22762

Publication date:

11/06/2021

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2021

CVE-2021-22896

Publication date:

11/06/2021

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.

Severity CVSS v4.0: Pending analysis

Last modification:

22/06/2021

CVE-2021-22763

Publication date:

11/06/2021

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

Subscribe to Vulnerabilities