Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-34363
Publication date:
10/06/2021
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-34539
Publication date:
10/06/2021
An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-13938
Publication date:
10/06/2021
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-26691
Publication date:
10/06/2021
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-17567
Publication date:
10/06/2021
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2024

CVE-2021-30641
Publication date:
10/06/2021
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-13950
Publication date:
10/06/2021
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-35452
Publication date:
10/06/2021
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-26690
Publication date:
10/06/2021
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3588
Publication date:
10/06/2021
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2022

CVE-2021-33393
Publication date:
09/06/2021
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-24489
Publication date:
09/06/2021
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2022
Subscribe to Vulnerabilities