Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-15788
Publication date:
09/09/2020
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2020

CVE-2020-1912
Publication date:
09/09/2020
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15791
Publication date:
09/09/2020
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2020

CVE-2020-15784
Publication date:
09/09/2020
A vulnerability has been identified in Spectrum Power 4 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2020

CVE-2020-15785
Publication date:
09/09/2020
A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2023

CVE-2020-15786
Publication date:
09/09/2020
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
08/06/2021

CVE-2020-15787
Publication date:
09/09/2020
A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
08/06/2021

CVE-2020-10050
Publication date:
09/09/2020
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2020

CVE-2020-10049
Publication date:
09/09/2020
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2020

CVE-2020-10051
Publication date:
09/09/2020
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2020

CVE-2020-10056
Publication date:
09/09/2020
A vulnerability has been identified in License Management Utility (LMU) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2023

CVE-2018-17771
Publication date:
09/09/2020
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.
Severity CVSS v4.0: Pending analysis
Last modification:
07/10/2022
Subscribe to Vulnerabilities