Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-42382

Publication date:
15/11/2021
A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-41263

Publication date:
15/11/2021
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2022

CVE-2021-41244

Publication date:
15/11/2021
Grafana is an open-source platform for monitoring and observability. In affected versions, when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization where they do not have the organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off fine-grained access control using a feature flag.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2022

CVE-2020-12962

Publication date:
15/11/2021
Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-12960

Publication date:
15/11/2021
AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021

CVE-2020-12893

Publication date:
15/11/2021
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021

CVE-2020-12901

Publication date:
15/11/2021
Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021

CVE-2020-12894

Publication date:
15/11/2021
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021

CVE-2020-12905

Publication date:
15/11/2021
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2020-12903

Publication date:
15/11/2021
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2020-12892

Publication date:
15/11/2021
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2021-39222

Publication date:
15/11/2021
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021