Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-36323
Publication date:
12/11/2021
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2021

CVE-2021-36324
Publication date:
12/11/2021
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2021

CVE-2021-21528
Publication date:
12/11/2021
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021

CVE-2021-41229
Publication date:
12/11/2021
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2021-43611
Publication date:
12/11/2021
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-43610
Publication date:
12/11/2021
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-3789
Publication date:
12/11/2021
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-3790
Publication date:
12/11/2021
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-3791
Publication date:
12/11/2021
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-3792
Publication date:
12/11/2021
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-3720
Publication date:
12/11/2021
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2021

CVE-2021-3843
Publication date:
12/11/2021
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
23/11/2021
Subscribe to Vulnerabilities