Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-18759

Publication date:
13/08/2021
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2020-18753

Publication date:
13/08/2021
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2020-18758

Publication date:
13/08/2021
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2020-18757

Publication date:
13/08/2021
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2020-18756

Publication date:
13/08/2021
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2021-36791

Publication date:
13/08/2021
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-36793

Publication date:
13/08/2021
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-36792

Publication date:
13/08/2021
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2020-18754

Publication date:
13/08/2021
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2023

CVE-2021-38553

Publication date:
13/08/2021
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2021-3352

Publication date:
13/08/2021
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2021

CVE-2021-38554

Publication date:
13/08/2021
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2022