Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-20579

Publication date:
24/06/2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2020-4885

Publication date:
24/06/2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. IBM X-Force ID: 190909.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2020-4945

Publication date:
24/06/2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2021-29777

Publication date:
24/06/2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under the specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2021

CVE-2021-32490

Publication date:
24/06/2021
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2022

CVE-2021-32491

Publication date:
24/06/2021
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2022

CVE-2021-32493

Publication date:
24/06/2021
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2022

CVE-2021-32709

Publication date:
24/06/2021
Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommended to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-33004

Publication date:
24/06/2021
The affected product is vulnerable to a memory corruption condition due to lack of proper validation of user-supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2022

CVE-2020-18668

Publication date:
24/06/2021
Cross Site Scripting (XSS) vulnerability in WebPort
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-33002

Publication date:
24/06/2021
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021

CVE-2021-33000

Publication date:
24/06/2021
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2021