Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-29936

Publication date:
01/04/2021
An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-29933

Publication date:
01/04/2021
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-29932

Publication date:
01/04/2021
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-29937

Publication date:
01/04/2021
An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-29934

Publication date:
01/04/2021
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2022

CVE-2021-29251

Publication date:
01/04/2021
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2021

CVE-2021-26071

Publication date:
01/04/2021
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/03/2022

CVE-2020-36286

Publication date:
01/04/2021
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
Severity CVSS v4.0: Pending analysis
Last modification:
30/03/2022

CVE-2020-36238

Publication date:
01/04/2021
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2022

CVE-2021-29349

Publication date:
31/03/2021
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2021

CVE-2021-28994

Publication date:
31/03/2021
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-27220

Publication date:
31/03/2021
An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021