Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-23302
Publication date:
10/06/2021
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2021

CVE-2021-20329
Publication date:
10/06/2021
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2021-31840
Publication date:
10/06/2021
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-31839
Publication date:
10/06/2021
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2023

CVE-2021-27345
Publication date:
10/06/2021
A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2022

CVE-2021-27347
Publication date:
10/06/2021
Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2022

CVE-2021-34557
Publication date:
10/06/2021
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-33031
Publication date:
10/06/2021
In LabCup before
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2021-23022
Publication date:
10/06/2021
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2021

CVE-2021-34546
Publication date:
10/06/2021
An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. To accomplish this, the attacker can navigate to cmd.exe.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2020-25467
Publication date:
10/06/2021
A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2022

CVE-2020-24671
Publication date:
10/06/2021
Trace Financial CRESTBridge
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2021
Subscribe to Vulnerabilities