Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-4496

Publication date:

13/12/2021

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.

Severity CVSS v4.0: Pending analysis

Last modification:

15/12/2021

CVE-2021-38901

Publication date:

13/12/2021

IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.

Severity CVSS v4.0: Pending analysis

Last modification:

15/12/2021

CVE-2021-39049

Publication date:

13/12/2021

IBM i2 Analyst&#39;s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.

Severity CVSS v4.0: Pending analysis

Last modification:

16/12/2021

CVE-2021-39048

Publication date:

13/12/2021

IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2022

CVE-2021-43818

Publication date:

13/12/2021

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-39052

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-39065

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-38947

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.

Severity CVSS v4.0: Pending analysis

Last modification:

15/12/2021

CVE-2021-39053

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524.

Severity CVSS v4.0: Pending analysis

Last modification:

15/12/2021

CVE-2021-39054

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim&#39;s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525.

Severity CVSS v4.0: Pending analysis

Last modification:

15/12/2021

CVE-2021-39058

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.

Severity CVSS v4.0: Pending analysis

Last modification:

15/12/2021

CVE-2021-39064

Publication date:

13/12/2021

IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

Subscribe to Vulnerabilities