Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-30003
Publication date:
02/04/2021
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2021

CVE-2021-30002
Publication date:
02/04/2021
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2022

CVE-2021-23925
Publication date:
01/04/2021
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-23923
Publication date:
01/04/2021
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-23924
Publication date:
01/04/2021
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-23921
Publication date:
01/04/2021
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-23922
Publication date:
01/04/2021
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-21416
Publication date:
01/04/2021
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-21421
Publication date:
01/04/2021
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2022

CVE-2021-21420
Publication date:
01/04/2021
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2022

CVE-2021-28047
Publication date:
01/04/2021
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2021

CVE-2021-28970
Publication date:
01/04/2021
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2021
Subscribe to Vulnerabilities