Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-25609
Publication date:
18/12/2020
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2020

CVE-2020-27154
Publication date:
18/12/2020
The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2020

CVE-2020-27639
Publication date:
18/12/2020
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2020

CVE-2020-27640
Publication date:
18/12/2020
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2020

CVE-2020-27340
Publication date:
18/12/2020
The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25606
Publication date:
18/12/2020
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25608
Publication date:
18/12/2020
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25610
Publication date:
18/12/2020
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25611
Publication date:
18/12/2020
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25612
Publication date:
18/12/2020
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-24693
Publication date:
18/12/2020
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2020

CVE-2020-7838
Publication date:
18/12/2020
A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2020
Subscribe to Vulnerabilities