Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all of the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-25902

Publication date: 26/01/2021
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
Severity CVSS v4.0: Pending analysis
Last modification: 02/02/2021

CVE-2021-25901

Publication date: 26/01/2021
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
Severity CVSS v4.0: Pending analysis
Last modification: 02/02/2021

CVE-2021-25900

Publication date: 26/01/2021
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
Severity CVSS v4.0: Pending analysis
Last modification: 02/02/2021

CVE-2021-25903

Publication date: 26/01/2021
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2021

CVE-2021-25905

Publication date: 26/01/2021
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
Severity CVSS v4.0: Pending analysis
Last modification: 03/05/2022

CVE-2021-25863

Publication date: 26/01/2021
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2023

CVE-2021-25864

Publication date: 26/01/2021
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Severity CVSS v4.0: Pending analysis
Last modification: 16/08/2023

CVE-2021-22871

Publication date: 26/01/2021
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2021

CVE-2021-22873

Publication date: 26/01/2021
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 02/02/2021

CVE-2021-22872

Publication date: 26/01/2021
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Severity CVSS v4.0: Pending analysis
Last modification: 02/02/2021

CVE-2021-21615

Publication date: 26/01/2021
Jenkins 2.275 and LTS 2.263.2 allow reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2021-21723

Publication date: 26/01/2021
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in a memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
Severity CVSS v4.0: Pending analysis
Last modification: 02/02/2021