Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-25146

Publication date:

25/09/2020

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2020

CVE-2020-25147

Publication date:

25/09/2020

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2020

CVE-2020-25148

Publication date:

25/09/2020

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2020

CVE-2020-25149

Publication date:

25/09/2020

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2020

CVE-2020-16242

Publication date:

25/09/2020

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2023

CVE-2020-14495

Publication date:

25/09/2020

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-25140

Publication date:

25/09/2020

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2020

CVE-2020-25139

Publication date:

25/09/2020

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2020

CVE-2020-4727

Publication date:

25/09/2020

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim&#39;s click actions and possibly launch further attacks against the victim.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2020

CVE-2020-4531

Publication date:

25/09/2020

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2020

CVE-2020-25137

Publication date:

25/09/2020

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2020

CVE-2020-25138

Publication date:

25/09/2020

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2020

Subscribe to Vulnerabilities