Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-30360

Publication date: 10/01/2022
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 14/01/2022

CVE-2021-23594

Publication date: 10/01/2022
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
Severity CVSS v4.0: Pending analysis
Last modification: 13/01/2022

CVE-2021-23568

Publication date: 10/01/2022
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.
Severity CVSS v4.0: Pending analysis
Last modification: 13/01/2022

CVE-2021-32996

Publication date: 10/01/2022
The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required.
Severity CVSS v4.0: Pending analysis
Last modification: 17/04/2025

CVE-2021-32998

Publication date: 10/01/2022
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
Severity CVSS v4.0: Pending analysis
Last modification: 17/04/2025

CVE-2020-9058

Publication date: 10/01/2022
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
Severity CVSS v4.0: Pending analysis
Last modification: 18/01/2022

CVE-2020-9057

Publication date: 10/01/2022
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
Severity CVSS v4.0: Pending analysis
Last modification: 18/01/2022

CVE-2020-9061

Publication date: 10/01/2022
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
Severity CVSS v4.0: Pending analysis
Last modification: 18/01/2022

CVE-2021-20046

Publication date: 10/01/2022
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
Severity CVSS v4.0: Pending analysis
Last modification: 19/01/2022

CVE-2021-20048

Publication date: 10/01/2022
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
Severity CVSS v4.0: Pending analysis
Last modification: 19/01/2022

CVE-2021-23543

Publication date: 10/01/2022
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
Severity CVSS v4.0: Pending analysis
Last modification: 13/01/2022

CVE-2020-29050

Publication date: 10/01/2022
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2022