Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-21733
Publication date:
19/05/2021
The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2021

CVE-2020-20264
Publication date:
19/05/2021
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2021

CVE-2020-20266
Publication date:
19/05/2021
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-21732
Publication date:
19/05/2021
A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-20589
Publication date:
19/05/2021
Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-20220
Publication date:
18/05/2021
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2021

CVE-2020-19924
Publication date:
18/05/2021
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2021

CVE-2021-31315
Publication date:
18/05/2021
Telegram Android
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2021

CVE-2021-31317
Publication date:
18/05/2021
Telegram Android
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2021

CVE-2021-31318
Publication date:
18/05/2021
Telegram Android
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2021

CVE-2021-31319
Publication date:
18/05/2021
Telegram Android
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2021

CVE-2021-31321
Publication date:
18/05/2021
Telegram Android
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2021
Subscribe to Vulnerabilities