Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-22278
Publication date:
28/10/2021
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2021-22402
Publication date:
28/10/2021
There is a DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2021

CVE-2021-22406
Publication date:
28/10/2021
There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-37915
Publication date:
28/10/2021
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-37748
Publication date:
28/10/2021
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2021

CVE-2019-19810
Publication date:
28/10/2021
Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2021

CVE-2021-43057
Publication date:
28/10/2021
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2023

CVE-2021-43056
Publication date:
28/10/2021
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3904
Publication date:
27/10/2021
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2021

CVE-2021-3906
Publication date:
27/10/2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2021

CVE-2021-3903
Publication date:
27/10/2021
vim is vulnerable to Heap-based Buffer Overflow
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-41191
Publication date:
27/10/2021
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021
Subscribe to Vulnerabilities