Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-3164
Publication date:
26/01/2021
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2021

CVE-2021-3152
Publication date:
26/01/2021
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2021-3114
Publication date:
26/01/2021
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3115
Publication date:
26/01/2021
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-26266
Publication date:
26/01/2021
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2021

CVE-2021-26267
Publication date:
26/01/2021
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-26025
Publication date:
26/01/2021
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2021

CVE-2021-26026
Publication date:
26/01/2021
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2021

CVE-2021-25906
Publication date:
26/01/2021
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2021

CVE-2021-25904
Publication date:
26/01/2021
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2021

CVE-2021-25902
Publication date:
26/01/2021
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2021

CVE-2021-25901
Publication date:
26/01/2021
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2021
Subscribe to Vulnerabilities