Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-3927
Publication date:
03/02/2020
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2022

CVE-2020-3926
Publication date:
03/02/2020
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2022

CVE-2020-8508
Publication date:
03/02/2020
nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2020

CVE-2020-8514
Publication date:
02/02/2020
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2021

CVE-2019-20446
Publication date:
02/02/2020
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8516
Publication date:
02/02/2020
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2020-8515
Publication date:
01/02/2020
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2025

CVE-2020-8512
Publication date:
01/02/2020
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2020

CVE-2014-2025
Publication date:
31/01/2020
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2020

CVE-2014-8141
Publication date:
31/01/2020
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2020-8504
Publication date:
31/01/2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2020

CVE-2020-8505
Publication date:
31/01/2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2020
Subscribe to Vulnerabilities