Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-46381

Publication date:
04/03/2022
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized reading of internal files [/etc/passwd] and [/etc/shadow].
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2022

CVE-2021-46380

Publication date:
04/03/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: This is a duplicate to CVE-2022-22511 Notes
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-46379

Publication date:
04/03/2022
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2022

CVE-2021-23214

Publication date:
04/03/2022
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3744

Publication date:
04/03/2022
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2021-3743

Publication date:
04/03/2022
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2021-46378

Publication date:
04/03/2022
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2022

CVE-2022-23397

Publication date:
04/03/2022
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction."
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2024

CVE-2022-0839

Publication date:
04/03/2022
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2020-18327

Publication date:
04/03/2022
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2022

CVE-2020-18324

Publication date:
04/03/2022
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2022

CVE-2020-18325

Publication date:
04/03/2022
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2022