Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-14850
Publication date:
18/03/2021
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2021

CVE-2021-27656
Publication date:
18/03/2021
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2021

CVE-2021-22665
Publication date:
18/03/2021
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2021

CVE-2020-14516
Publication date:
18/03/2021
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2021

CVE-2021-21383
Publication date:
18/03/2021
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `` tags during the render.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2021

CVE-2020-26155
Publication date:
18/03/2021
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2020-27827
Publication date:
18/03/2021
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2023

CVE-2021-28794
Publication date:
18/03/2021
The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2022

CVE-2021-28796
Publication date:
18/03/2021
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2021

CVE-2021-26215
Publication date:
18/03/2021
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2021

CVE-2021-26216
Publication date:
18/03/2021
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2021

CVE-2021-28791
Publication date:
18/03/2021
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2021
Subscribe to Vulnerabilities