Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-24772

Publication date:

17/11/2021

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.

Severity CVSS v4.0: Pending analysis

Last modification:

19/11/2021

CVE-2021-24758

Publication date:

17/11/2021

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections

Severity CVSS v4.0: Pending analysis

Last modification:

19/11/2021

CVE-2021-24598

Publication date:

17/11/2021

The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed

Severity CVSS v4.0: Pending analysis

Last modification:

19/11/2021

CVE-2021-43337

Publication date:

17/11/2021

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-3939

Publication date:

17/11/2021

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

Severity CVSS v4.0: Pending analysis

Last modification:

12/06/2023

CVE-2021-43011

Publication date:

16/11/2021

Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Severity CVSS v4.0: Pending analysis

Last modification:

25/04/2022

CVE-2021-43012

Publication date:

16/11/2021

Severity CVSS v4.0: Pending analysis

Last modification:

25/04/2022

CVE-2021-42731

Publication date:

16/11/2021

Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity CVSS v4.0: Pending analysis

Last modification:

17/11/2021

CVE-2021-42723

Publication date:

16/11/2021

Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity CVSS v4.0: Pending analysis

Last modification:

25/04/2022

CVE-2021-42725

Publication date:

16/11/2021

Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

26/06/2023

CVE-2021-42721

Publication date:

16/11/2021

Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2022

CVE-2021-42726

Publication date:

16/11/2021

Severity CVSS v4.0: Pending analysis

Last modification:

25/04/2022

Subscribe to Vulnerabilities