Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-26705
Publication date:
31/10/2021
The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2022

CVE-2020-25911
Publication date:
31/10/2021
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2020-25912
Publication date:
31/10/2021
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-33259
Publication date:
31/10/2021
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2021-36808
Publication date:
30/10/2021
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2021

CVE-2021-1123
Publication date:
29/10/2021
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-1122
Publication date:
29/10/2021
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-1120
Publication date:
29/10/2021
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-1119
Publication date:
29/10/2021
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-1121
Publication date:
29/10/2021
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2020-25881
Publication date:
29/10/2021
A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2021

CVE-2021-1118
Publication date:
29/10/2021
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2022
Subscribe to Vulnerabilities