Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-21879

Publication date:
22/12/2021
A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2022

CVE-2021-21878

Publication date:
22/12/2021
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2022

CVE-2021-21873

Publication date:
22/12/2021
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2022

CVE-2021-21872

Publication date:
22/12/2021
An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2022

CVE-2021-44659

Publication date:
22/12/2021
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2021-45266

Publication date:
22/12/2021
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2021

CVE-2021-45262

Publication date:
22/12/2021
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2023

CVE-2021-45263

Publication date:
22/12/2021
An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2023

CVE-2021-45267

Publication date:
22/12/2021
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2023

CVE-2021-45260

Publication date:
22/12/2021
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2021

CVE-2021-45261

Publication date:
22/12/2021
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2021

CVE-2021-37706

Publication date:
22/12/2021
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025