Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2013-2571

Publication date:
28/01/2020
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2020

CVE-2013-1895

Publication date:
28/01/2020
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2020

CVE-2013-1437

Publication date:
28/01/2020
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2020

CVE-2020-7934

Publication date:
28/01/2020
In Liferay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.
Severity CVSS v4.0: Pending analysis
Last modification:
23/11/2020

CVE-2020-7799

Publication date:
28/01/2020
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-5523

Publication date:
28/01/2020
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2020

CVE-2020-7997

Publication date:
28/01/2020
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2020

CVE-2020-7998

Publication date:
28/01/2020
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2020

CVE-2019-5468

Publication date:
28/01/2020
A privilege escalation issue was discovered in GitLab versions
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2020

CVE-2019-5470

Publication date:
28/01/2020
An information disclosure issue was discovered in GitLab versions
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2019-5466

Publication date:
28/01/2020
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2020

CVE-2019-5472

Publication date:
28/01/2020
An authorization issue was discovered in GitLab versions
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2020