Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-42294
Publication date:
15/12/2021
Microsoft SharePoint Server Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2021-42309
Publication date:
15/12/2021
Microsoft SharePoint Server Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2021-42295
Publication date:
15/12/2021
Visual Basic for Applications Information Disclosure Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-4116
Publication date:
15/12/2021
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2021-20330
Publication date:
15/12/2021
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2021-4111
Publication date:
15/12/2021
yetiforcecrm is vulnerable to Business Logic Errors
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2022

CVE-2021-45043
Publication date:
15/12/2021
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2019-19138
Publication date:
15/12/2021
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2021

CVE-2020-23545
Publication date:
15/12/2021
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2021

CVE-2021-40170
Publication date:
15/12/2021
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2022

CVE-2021-43326
Publication date:
15/12/2021
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-40826
Publication date:
15/12/2021
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022
Subscribe to Vulnerabilities