Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to their information sources, as well as to any available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-36310

Publication date:
07/04/2021
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2022

CVE-2020-36311

Publication date:
07/04/2021
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-27900

Publication date:
06/04/2021
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2021

CVE-2020-13420

Publication date:
06/04/2021
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2021

CVE-2021-27899

Publication date:
06/04/2021
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2021

CVE-2021-22157

Publication date:
06/04/2021
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2021

CVE-2021-22158

Publication date:
06/04/2021
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2021

CVE-2020-13421

Publication date:
06/04/2021
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-13422

Publication date:
06/04/2021
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2022

CVE-2020-13419

Publication date:
06/04/2021
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2021

CVE-2020-13418

Publication date:
06/04/2021
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2021

CVE-2021-21404

Publication date:
06/04/2021
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.
Severity CVSS v4.0: Pending analysis
Last modification:
14/04/2021