Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-36085
Publication date:
01/07/2021
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-36086
Publication date:
01/07/2021
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-36087
Publication date:
01/07/2021
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2020-36403
Publication date:
01/07/2021
HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2023

CVE-2020-36400
Publication date:
01/07/2021
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2017-20006
Publication date:
01/07/2021
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2021

CVE-2018-25018
Publication date:
01/07/2021
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2021

CVE-2019-25048
Publication date:
01/07/2021
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2021

CVE-2018-25017
Publication date:
01/07/2021
RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36405
Publication date:
01/07/2021
Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36404
Publication date:
01/07/2021
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl::~SmallVectorImpl.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021

CVE-2020-36402
Publication date:
01/07/2021
Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2021
Subscribe to Vulnerabilities