Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because entries are added while the INCIBE team is still translating them. The CVE (Common Vulnerabilities and Exposures) standard for naming information security vulnerabilities is used so that information can be exchanged between different tools and databases.

Each vulnerability is linked to its information sources and to any patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level.

RSS feeds and newsletters provide daily notice of the latest vulnerabilities added to the repository. The list below, updated daily, shows the most recent ones.

CVE-2021-29479

Publication date:
29/06/2021
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header. Users are only vulnerable if they do not configure a custom `PublicAddress` instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of `PublicAddress` which is vulnerable. This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that `ServerConfigBuilder::publicAddress` correctly configures the server in production.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2021
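The check a tester would run for the Ratpack entry above, as an added example that is not Ratpack's code. It stands up two small local HTTP servers, built with the Python standard library purely as constructed fixtures, to model the two configurations the advisory describes: an "inferring" server that builds absolute redirects from the client-supplied `X-Forwarded-Host` (the default before 1.9.0) and a server with a fixed public address (the 1.9.0 default, or `ServerConfigBuilder::publicAddress` set explicitly). The hostnames `app.example` and `attacker.example` are assumptions. `probe()` sends the request a shared cache would forward and reports whether the spoofed host is reflected into `Location`.

```python
"""Probe for redirect cache poisoning via X-Forwarded-Host.

Added example; this is not Ratpack's code. The two handler classes below are
constructed fixtures standing in for an inferring PublicAddress (vulnerable)
and a fixed PublicAddress (patched / worked around).
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

SPOOFED_HOST = "attacker.example"   # assumption: attacker-controlled host
REAL_HOST = "app.example"           # assumption: the site's real public host


class InferringHandler(BaseHTTPRequestHandler):
    """Vulnerable model: public address inferred from request headers."""
    fixed_public_host = None  # None -> infer, like Ratpack < 1.9.0 by default

    def do_GET(self):
        # An inferring PublicAddress prefers X-Forwarded-Host over Host, so the
        # attacker controls the host part of every absolute redirect.
        host = (self.fixed_public_host
                or self.headers.get("X-Forwarded-Host")
                or self.headers.get("Host"))
        self.send_response(302)
        self.send_header("Location", f"https://{host}/login")
        # A cache that keys only on the path stores this poisoned redirect
        # and serves it to every later visitor of the same path.
        self.send_header("Cache-Control", "public, max-age=3600")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the fixture quiet


class FixedAddressHandler(InferringHandler):
    """Patched model: public address configured explicitly, headers ignored."""
    fixed_public_host = REAL_HOST


def start_server(handler):
    """Start a fixture server on an ephemeral loopback port; returns the server."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, path="/"):
    """Send the request a cache would forward, with a spoofed X-Forwarded-Host.

    Returns (vulnerable, location): vulnerable is True when the host of the
    redirect target is the spoofed value rather than the real public host.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={
        "Host": REAL_HOST,
        "X-Forwarded-Host": SPOOFED_HOST,
    })
    resp = conn.getresponse()
    location = resp.getheader("Location") or ""
    resp.read()
    conn.close()
    return urlsplit(location).hostname == SPOOFED_HOST, location


if __name__ == "__main__":
    for handler in (InferringHandler, FixedAddressHandler):
        srv = start_server(handler)
        vulnerable, location = probe("127.0.0.1", srv.server_port)
        print(f"{handler.__name__}: Location={location} vulnerable={vulnerable}")
        srv.shutdown()
        srv.server_close()
```

Against a real deployment, point `probe()` at the cache's public entry point rather than at the origin: a reflected `Location` is only exploitable if the cache actually stores that response and keys it without `X-Forwarded-Host`. The safer edge configuration is to strip or overwrite `X-Forwarded-Host` at the cache and fix the public address on the application, rather than to widen the cache key.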

CVE-2020-7870

Publication date:
29/06/2021
A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2022

CVE-2021-31530

Publication date:
29/06/2021
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2021-34824

Publication date:
29/06/2021
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-7868

Publication date:
29/06/2021
A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2020-7869

Publication date:
29/06/2021
An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2021-31160

Publication date:
29/06/2021
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2021-31531

Publication date:
29/06/2021
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2020-7871

Publication date:
29/06/2021
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2021

CVE-2021-28691

Publication date:
29/06/2021
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2022

CVE-2021-27577

Publication date:
29/06/2021
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2021-32565

Publication date:
29/06/2021
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021
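The two Apache Traffic Server entries above (CVE-2021-27577, fragment handling leading to cache poisoning, and CVE-2021-32565, invalid `Content-Length` values leading to request smuggling) describe the general classes of bug a caching proxy has to guard against at its parser. The following is an added example written for this page, not Apache Traffic Server code, and it models the bug classes rather than the specific ATS defects; the header handling, the 64-bit cap and the sample values are assumptions made here. `cache_key()` refuses any request-target carrying a fragment, since a client never sends `#...` to an origin and a proxy that keeps it can key the cache on one resource while fetching another. `content_length()` accepts only a single plain decimal and rejects anything the proxy and the origin might read differently, because a disagreement about where the body ends is what lets a second request ride inside the first; `compare()` shows how far a naive `int()` parse diverges from that.

```python
"""Strict request-target and Content-Length checks for a caching proxy.

Added example (not Apache Traffic Server code). Models the bug classes of
CVE-2021-27577 (fragment in request-target) and CVE-2021-32565 (malformed
Content-Length), not the ATS defects themselves.
"""
import re

# RFC 7230 section 3.3.2: Content-Length = 1*DIGIT. ASCII only: r"\d" would
# also match Unicode digits, which int() happily converts.
_CL_STRICT = re.compile(r"[0-9]+")
MAX_CONTENT_LENGTH = 2**63 - 1  # assumption: refuse what a 64-bit origin cannot hold


class BadRequest(ValueError):
    """Raised for requests the proxy must answer with 400 rather than forward."""


def cache_key(method, target):
    """Cache key for a request; refuses request-targets that contain a fragment."""
    if "#" in target:
        raise BadRequest("fragment in request-target: %r" % target)
    return "%s %s" % (method, target)


def content_length(headers):
    """headers: list of (name, value) pairs in wire order.

    Returns the declared body length (0 if no Content-Length header), or raises
    BadRequest when the value is anything but one unambiguous decimal number.
    """
    values = []
    has_te = False
    for name, value in headers:
        lname = name.lower()
        if lname == "content-length":
            # A comma-separated list or a repeated header is only tolerated
            # when every member is identical (RFC 7230 section 3.3.2).
            values.extend(v.strip(" \t") for v in value.split(","))
        elif lname == "transfer-encoding":
            has_te = True
    if not values:
        return 0
    if has_te:
        # Classic CL.TE / TE.CL ambiguity: do not try to pick a winner.
        raise BadRequest("Content-Length and Transfer-Encoding both present")
    bad = [v for v in values if not _CL_STRICT.fullmatch(v)]
    if bad:
        raise BadRequest("malformed Content-Length: %r" % bad)
    if len(set(values)) != 1:
        raise BadRequest("conflicting Content-Length values: %r" % values)
    n = int(values[0])
    if n > MAX_CONTENT_LENGTH:
        raise BadRequest("Content-Length out of range")
    return n


def lenient_content_length(value):
    """What a naive parser does: int() accepts '+5', '1_0' and non-ASCII
    digits. Returns the parsed int, or None if even int() refuses it."""
    try:
        return int(value)
    except ValueError:
        return None


def compare(value):
    """(lenient, strict) parse of one Content-Length value; None means rejected.
    Any pair that differs is a proxy/origin disagreement an attacker can use."""
    try:
        strict = content_length([("Content-Length", value)])
    except BadRequest:
        strict = None
    return lenient_content_length(value), strict


def is_rejected(fn, *args):
    """True if fn(*args) raises BadRequest."""
    try:
        fn(*args)
    except BadRequest:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not taken from any ATS report.
    for sample in ["5", "+5", "1_0", "\u0665", "5, 5", "5, 6", "0x10"]:
        lenient, strict = compare(sample)
        print("%-8r lenient=%r strict=%r" % (sample, lenient, strict))
```

Run both checks before the cache key is derived and before anything is forwarded, and apply the same normalisation to the key and to the upstream request so the two can never diverge. The `compare()` table is the useful diagnostic: every value where the lenient and strict columns differ is a candidate for a front/back desynchronisation when the two hops use different parsers.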