Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-36120
Publication date:
14/04/2021
Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2021

CVE-2021-26832
Publication date:
14/04/2021
Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site.
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2021

CVE-2021-26805
Publication date:
14/04/2021
Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2021

CVE-2020-19778
Publication date:
14/04/2021
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.
Severity CVSS v4.0: Pending analysis
Last modification:
05/10/2022

CVE-2021-27815
Publication date:
14/04/2021
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-22879
Publication date:
14/04/2021
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-27989
Publication date:
14/04/2021
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2021

CVE-2021-25316
Publication date:
14/04/2021
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.
Severity CVSS v4.0: Pending analysis
Last modification:
14/04/2023

CVE-2021-28797
Publication date:
14/04/2021
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2021

CVE-2020-36323
Publication date:
14/04/2021
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-31162
Publication date:
14/04/2021
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-25008
Publication date:
14/04/2021
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2021
Subscribe to Vulnerabilities