Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-45015
Publication date:
14/12/2021
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-45014
Publication date:
14/12/2021
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2021

CVE-2021-44538
Publication date:
14/12/2021
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-44937
Publication date:
14/12/2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-44935
Publication date:
14/12/2021
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2021

CVE-2021-4104
Publication date:
14/12/2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2021-44522
Publication date:
14/12/2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2021-44523
Publication date:
14/12/2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2021-44524
Publication date:
14/12/2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2021-44444
Publication date:
14/12/2021
A vulnerability has been identified in JT Utilities (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2021-44450
Publication date:
14/12/2021
A vulnerability has been identified in JT Utilities (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2021

CVE-2021-44445
Publication date:
14/12/2021
A vulnerability has been identified in JT Utilities (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2021
Subscribe to Vulnerabilities