Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-5402
Publication date:
27/02/2020
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2020

CVE-2020-5400
Publication date:
27/02/2020
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2017-16900
Publication date:
27/02/2020
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2020-7043
Publication date:
27/02/2020
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7041
Publication date:
27/02/2020
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2015-2992
Publication date:
27/02/2020
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2021

CVE-2020-7042
Publication date:
27/02/2020
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5326
Publication date:
27/02/2020
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2020

CVE-2019-5323
Publication date:
27/02/2020
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2020-6863
Publication date:
27/02/2020
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-6864
Publication date:
27/02/2020
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-4669
Publication date:
27/02/2020
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2020
Subscribe to Vulnerabilities