Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we provide a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-20285

Publication date: 26/03/2021
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
Severity CVSS v4.0: Pending analysis
Last modification: 11/04/2025

CVE-2021-20193

Publication date: 26/03/2021
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2021-1629

Publication date: 26/03/2021
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.
Severity CVSS v4.0: Pending analysis
Last modification: 03/06/2021

CVE-2021-1628

Publication date: 26/03/2021
MuleSoft is aware of an XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2021

CVE-2021-1627

Publication date: 26/03/2021
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x, 3.9.x, 4.x runtime released before February 2, 2021.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2021

CVE-2021-1626

Publication date: 26/03/2021
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2021

CVE-2021-20197

Publication date: 26/03/2021
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2023

CVE-2020-35508

Publication date: 26/03/2021
A flaw involving a possible race condition and incorrect initialization of the process ID was found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2023

CVE-2020-35518

Publication date: 26/03/2021
When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Severity CVSS v4.0: Pending analysis
Last modification: 05/08/2022

CVE-2020-27829

Publication date: 26/03/2021
A heap-based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2021

CVE-2021-3109

Publication date: 26/03/2021
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2021

CVE-2020-35856

Publication date: 26/03/2021
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2021