Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-26573
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-25172
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-21240
Publication date:
08/02/2021
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2021

CVE-2021-21288
Publication date:
08/02/2021
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2021

CVE-2021-26905
Publication date:
08/02/2021
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-26570
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2021

CVE-2021-25168
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-25169
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-25170
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-25171
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-26571
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-26572
Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021
Subscribe to Vulnerabilities