Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-41525

Publication date: 21/09/2021
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.
Severity CVSS v4.0: Pending analysis
Last modification: 04/10/2021

CVE-2021-41531

Publication date: 21/09/2021
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2021

CVE-2021-37419

Publication date: 21/09/2021
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
Severity CVSS v4.0: Pending analysis
Last modification: 18/03/2022

CVE-2021-0869

Publication date: 21/09/2021
In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-179620905. References: N/A.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2021

CVE-2021-37420

Publication date: 21/09/2021
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-37424

Publication date: 21/09/2021
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-37741

Publication date: 21/09/2021
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-28960

Publication date: 21/09/2021
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
Severity CVSS v4.0: Pending analysis
Last modification: 28/11/2021

CVE-2021-31917

Publication date: 21/09/2021
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity CVSS v4.0: Pending analysis
Last modification: 11/01/2022

CVE-2021-26333

Publication date: 21/09/2021
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
Severity CVSS v4.0: Pending analysis
Last modification: 26/04/2022

CVE-2021-20829

Publication date: 21/09/2021
Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.
Severity CVSS v4.0: Pending analysis
Last modification: 29/09/2021

CVE-2021-20037

Publication date: 21/09/2021
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2021