Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we provide a database for interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

This list will occasionally show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-7868

Publication date:
29/06/2021
A remote code execution vulnerability exists in helpUS (remote administration tool) due to improper validation of a parameter of the ShellExecutionExA function used for login.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2020-7869

Publication date:
29/06/2021
An improper input validation vulnerability in ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary files. The ZOOK viewer has the "Tight file CMD" function to create files. An attacker could create and execute arbitrary files in the ZOOK agent program using "Tight file CMD" without authority.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2021-31160

Publication date:
29/06/2021
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2021-31531

Publication date:
29/06/2021
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2020-7871

Publication date:
29/06/2021
A vulnerability in Helpcom could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2021-28691

Publication date:
29/06/2021
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2022

CVE-2021-27577

Publication date:
29/06/2021
Incorrect handling of the URL fragment in Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2021-32565

Publication date:
29/06/2021
Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2021-34550

Publication date:
29/06/2021
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2021-28690

Publication date:
29/06/2021
x86: TSX Async Abort protections not restored after S3. This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.
Severity CVSS v4.0: Pending analysis
Last modification:
21/09/2021

CVE-2021-34549

Publication date:
29/06/2021
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-22545

Publication date:
29/06/2021
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021