Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-31890

Publication date:
09/11/2021
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2024

CVE-2021-37207

Publication date:
09/11/2021
A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
11/11/2021

CVE-2021-31888

Publication date:
09/11/2021
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2021-31884

Publication date:
09/11/2021
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
26/06/2023

CVE-2021-31887

Publication date:
09/11/2021
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2023

CVE-2021-40358

Publication date:
09/11/2021
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2023

CVE-2021-40359

Publication date:
09/11/2021
A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2023

CVE-2020-10054

Publication date:
09/11/2021
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
11/11/2021

CVE-2020-10053

Publication date:
09/11/2021
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
11/11/2021

CVE-2020-10052

Publication date:
09/11/2021
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
11/11/2021

CVE-2021-41253

Publication date:
08/11/2021
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2022

CVE-2020-23572

Publication date:
08/11/2021
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2021