Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-36314
Publication date:
23/11/2021
Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2021

CVE-2021-36332
Publication date:
23/11/2021
Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2021

CVE-2021-36333
Publication date:
23/11/2021
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2021

CVE-2021-36334
Publication date:
23/11/2021
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2021

CVE-2021-36335
Publication date:
23/11/2021
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2021

CVE-2021-38891
Publication date:
23/11/2021
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2021

CVE-2021-36301
Publication date:
23/11/2021
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2022

CVE-2021-36311
Publication date:
23/11/2021
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2022

CVE-2021-24894
Publication date:
23/11/2021
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2021-24873
Publication date:
23/11/2021
The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue
Severity CVSS v4.0: Pending analysis
Last modification:
24/11/2021

CVE-2021-24830
Publication date:
23/11/2021
The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2021-24875
Publication date:
23/11/2021
The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue
Severity CVSS v4.0: Pending analysis
Last modification:
24/11/2021
Subscribe to Vulnerabilities