Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-39197
Publication date:
07/09/2021
better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to "~> 2.8.3". There are no known workarounds to mitigate the risk of using older releases of better_errors.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2021

CVE-2021-38142
Publication date:
07/09/2021
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-38123
Publication date:
07/09/2021
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-40539
Publication date:
07/09/2021
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2021-39257
Publication date:
07/09/2021
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2023

CVE-2021-39261
Publication date:
07/09/2021
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2025

CVE-2021-39262
Publication date:
07/09/2021
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2021-39263
Publication date:
07/09/2021
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2021-39255
Publication date:
07/09/2021
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2021-39256
Publication date:
07/09/2021
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2021-39258
Publication date:
07/09/2021
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2021-39259
Publication date:
07/09/2021
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025
Subscribe to Vulnerabilities