Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-27903
Publication date:
30/06/2021
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-35956
Publication date:
30/06/2021
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-27902
Publication date:
30/06/2021
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-25951
Publication date:
30/06/2021
XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-34379
Publication date:
30/06/2021
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-28692
Publication date:
30/06/2021
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2021

CVE-2021-28693
Publication date:
30/06/2021
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
Severity CVSS v4.0: Pending analysis
Last modification:
21/09/2021

CVE-2021-31721
Publication date:
30/06/2021
Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2021

CVE-2021-34373
Publication date:
30/06/2021
Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-30648
Publication date:
30/06/2021
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-34374
Publication date:
30/06/2021
Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2021-34375
Publication date:
30/06/2021
Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021
Subscribe to Vulnerabilities