Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-25247

Publication date:

27/01/2021

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

03/02/2021

CVE-2021-25226

Publication date:

27/01/2021

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

01/02/2021

CVE-2021-25225

Publication date:

27/01/2021

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

01/02/2021

CVE-2021-25224

Publication date:

27/01/2021

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

01/02/2021

CVE-2021-3325

Publication date:

27/01/2021

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-26117

Publication date:

27/01/2021

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

Severity CVSS v4.0: Pending analysis

Last modification:

20/11/2023

CVE-2021-26118

Publication date:

27/01/2021

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-3318

Publication date:

27/01/2021

attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

26/04/2022

CVE-2020-5427

Publication date:

27/01/2021

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Severity CVSS v4.0: Pending analysis

Last modification:

04/02/2021

CVE-2020-5428

Publication date:

27/01/2021

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

Severity CVSS v4.0: Pending analysis

Last modification:

03/02/2021

CVE-2021-20357

Publication date:

27/01/2021

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.

Severity CVSS v4.0: Pending analysis

Last modification:

29/01/2021

CVE-2020-4865

Publication date:

27/01/2021

Severity CVSS v4.0: Pending analysis

Last modification:

29/01/2021

Subscribe to Vulnerabilities