Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-18750
Publication date:
05/02/2021
Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2021-26722
Publication date:
05/02/2021
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2021-3258
Publication date:
05/02/2021
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-3382
Publication date:
05/02/2021
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2020-18737
Publication date:
05/02/2021
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2020-4832
Publication date:
05/02/2021
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2021-3311
Publication date:
05/02/2021
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
15/03/2021

CVE-2021-3333
Publication date:
05/02/2021
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2021-26710
Publication date:
05/02/2021
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2022

CVE-2021-26711
Publication date:
05/02/2021
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2022

CVE-2021-26708
Publication date:
05/02/2021
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2020-36241
Publication date:
05/02/2021
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities