Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-36151

Publication date:
08/02/2021
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-36152

Publication date:
08/02/2021
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-36148

Publication date:
08/02/2021
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-36150

Publication date:
08/02/2021
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-26910

Publication date:
08/02/2021
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2022

CVE-2021-26577

Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-26575

Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-26574

Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-26573

Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-25172

Publication date:
08/02/2021
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2021

CVE-2021-21240

Publication date:
08/02/2021
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2021

CVE-2021-21288

Publication date:
08/02/2021
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2021