Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-26321
Publication date:
16/11/2021
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2021

CVE-2021-26327
Publication date:
16/11/2021
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2021

CVE-2021-26325
Publication date:
16/11/2021
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2021

CVE-2020-21627
Publication date:
16/11/2021
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2021-26315
Publication date:
16/11/2021
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2021-26320
Publication date:
16/11/2021
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2020-12961
Publication date:
16/11/2021
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2021

CVE-2020-21639
Publication date:
16/11/2021
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2021-26312
Publication date:
16/11/2021
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2022

CVE-2021-26322
Publication date:
16/11/2021
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2021-43046
Publication date:
16/11/2021
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2021

CVE-2021-43048
Publication date:
16/11/2021
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2021
Subscribe to Vulnerabilities