Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-3872

Publication date: 19/10/2021
vim is vulnerable to Heap-based Buffer Overflow
Severity CVSS v4.0: Pending analysis
Last modification: 03/11/2025

CVE-2021-38466

Publication date: 19/10/2021
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021

CVE-2021-38462

Publication date: 19/10/2021
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021

CVE-2021-38464

Publication date: 19/10/2021
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021

CVE-2021-36512

Publication date: 19/10/2021
An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2021

CVE-2021-42261

Publication date: 19/10/2021
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2021

CVE-2021-25968

Publication date: 19/10/2021
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.
Severity CVSS v4.0: Pending analysis
Last modification: 21/10/2021

CVE-2021-20836

Publication date: 19/10/2021
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project file.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021

CVE-2021-41154

Publication date: 18/10/2021
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021

CVE-2021-41155

Publication date: 18/10/2021
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly sanitize user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021

CVE-2021-42650

Publication date: 18/10/2021
A Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
Severity CVSS v4.0: Pending analysis
Last modification: 21/10/2021

CVE-2021-41153

Publication date: 18/10/2021
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2021