Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-23171
Publication date:
10/08/2021
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2020-23172
Publication date:
10/08/2021
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-33707
Publication date:
10/08/2021
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2022

CVE-2021-33703
Publication date:
10/08/2021
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2022

CVE-2021-38370
Publication date:
10/08/2021
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2023

CVE-2021-33706
Publication date:
10/08/2021
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-36601
Publication date:
10/08/2021
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2021

CVE-2021-38372
Publication date:
10/08/2021
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2021

CVE-2021-38373
Publication date:
10/08/2021
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2021

CVE-2021-38371
Publication date:
10/08/2021
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-33702
Publication date:
10/08/2021
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2022

CVE-2021-33699
Publication date:
10/08/2021
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021
Subscribe to Vulnerabilities