Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-31342

Publication date:
08/06/2021
The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
21/09/2021

CVE-2021-27399

Publication date:
08/06/2021
A vulnerability has been identified in Simcenter Femap 2020.2 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2021

CVE-2021-27387

Publication date:
08/06/2021
A vulnerability has been identified in Simcenter Femap 2020.2 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2021

CVE-2021-22220

Publication date:
08/06/2021
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2021

CVE-2020-26136

Publication date:
08/06/2021
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2021

CVE-2021-22216

Publication date:
08/06/2021
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2021

CVE-2021-27390

Publication date:
08/06/2021
A vulnerability has been identified in JT2Go (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
21/06/2021

CVE-2021-26473

Publication date:
08/06/2021
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-26471

Publication date:
08/06/2021
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2021-26472

Publication date:
08/06/2021
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2022

CVE-2021-26474

Publication date:
08/06/2021
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2022

CVE-2021-22219

Publication date:
08/06/2021
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
Severity CVSS v4.0: Pending analysis
Last modification:
22/07/2022