Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-36792

Publication date:
13/08/2021
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2020-18754

Publication date:
13/08/2021
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2023

CVE-2021-38553

Publication date:
13/08/2021
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2021-3352

Publication date:
13/08/2021
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2021-38554

Publication date:
13/08/2021
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022

CVE-2021-32071

Publication date:
13/08/2021
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-32070

Publication date:
13/08/2021
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2021

CVE-2021-32069

Publication date:
13/08/2021
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2021

CVE-2021-32068

Publication date:
13/08/2021
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2021

CVE-2021-32067

Publication date:
13/08/2021
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2021

CVE-2021-27402

Publication date:
13/08/2021
The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2021

CVE-2021-27401

Publication date:
13/08/2021
The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2021