Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available for interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish by virtue of a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-1382

Publication date: 24/03/2021
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2021-1383

Publication date: 24/03/2021
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2021-1384

Publication date: 24/03/2021
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2021-22169

Publication date: 24/03/2021
An issue was identified in GitLab EE 13.4 or later which leaked an internal IP address via error messages.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-22186

Publication date: 24/03/2021
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2021-22192

Publication date: 24/03/2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2021-22193

Publication date: 24/03/2021
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for a private project.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2021-22185

Publication date: 24/03/2021
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2020-15809

Publication date: 24/03/2021
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2020-7839

Publication date: 24/03/2021
In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability is caused by improper input validation checks when parsing the brokerCommand parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2021-22176

Publication date: 24/03/2021
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021

CVE-2021-22178

Publication date: 24/03/2021
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2021