Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-27210
Publication date:
13/02/2021
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2021

CVE-2021-27209
Publication date:
13/02/2021
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2021

CVE-2021-26753
Publication date:
12/02/2021
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-26752
Publication date:
12/02/2021
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2021

CVE-2021-26751
Publication date:
12/02/2021
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2021

CVE-2021-22984
Publication date:
12/02/2021
On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2021

CVE-2021-22977
Publication date:
12/02/2021
On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2021

CVE-2021-22504
Publication date:
12/02/2021
Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-22978
Publication date:
12/02/2021
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2021

CVE-2020-13949
Publication date:
12/02/2021
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-20001
Publication date:
12/02/2021
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-22983
Publication date:
12/02/2021
On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2021
Subscribe to Vulnerabilities