Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-37727

Publication date:

12/10/2021

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

24/11/2021

CVE-2021-38180

Publication date:

12/10/2021

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim&#39;s computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.

Severity CVSS v4.0: Pending analysis

Last modification:

24/02/2026

CVE-2021-37726

Publication date:

12/10/2021

A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

24/11/2021

CVE-2021-38456

Publication date:

12/10/2021

A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords

Severity CVSS v4.0: Pending analysis

Last modification:

25/04/2022

CVE-2021-25634

Publication date:

12/10/2021

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Severity CVSS v4.0: Pending analysis

Last modification:

18/10/2021

CVE-2021-38452

Publication date:

12/10/2021

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Severity CVSS v4.0: Pending analysis

Last modification:

19/10/2021

CVE-2021-38458

Publication date:

12/10/2021

Severity CVSS v4.0: Pending analysis

Last modification:

19/10/2021

CVE-2021-38454

Publication date:

12/10/2021

Severity CVSS v4.0: Pending analysis

Last modification:

25/10/2022

CVE-2021-38460

Publication date:

12/10/2021

Severity CVSS v4.0: Pending analysis

Last modification:

25/10/2022

CVE-2021-21940

Publication date:

12/10/2021

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

29/07/2022

CVE-2021-21941

Publication date:

12/10/2021

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

29/07/2022

CVE-2020-28145

Publication date:

12/10/2021

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Severity CVSS v4.0: Pending analysis

Last modification:

18/10/2021

Subscribe to Vulnerabilities