Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-26089

Publication date:
12/07/2021
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase.
Severity CVSS v4.0: Pending analysis
Last modification:
30/03/2022

CVE-2021-32678

Publication date:
12/07/2021
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits to spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-26090

Publication date:
12/07/2021
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
Severity CVSS v4.0: Pending analysis
Last modification:
13/07/2021

CVE-2020-21131

Publication date:
12/07/2021
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2021

CVE-2020-21132

Publication date:
12/07/2021
SQL Injection vulnerability in MetInfo 7.0.0beta in index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2021

CVE-2020-21133

Publication date:
12/07/2021
SQL Injection vulnerability in MetInfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2021

CVE-2021-35064

Publication date:
12/07/2021
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2022

CVE-2021-30129

Publication date:
12/07/2021
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-22921

Publication date:
12/07/2021
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2022

CVE-2021-35037

Publication date:
12/07/2021
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822.
Severity CVSS v4.0: Pending analysis
Last modification:
22/07/2021

CVE-2021-27293

Publication date:
12/07/2021
RestSharp
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2021

CVE-2021-3547

Publication date:
12/07/2021
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2022