Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by different criteria, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-4213

Publication date:
24/02/2020
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. IBM X-Force ID: 175024.
Severity CVSS v4.0: Pending analysis
Last modification:
01/01/2022

CVE-2019-4703

Publication date:
24/02/2020
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-4745

Publication date:
24/02/2020
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2020-8131

Publication date:
24/02/2020
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2020

CVE-2020-5186

Publication date:
24/02/2020
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-5187

Publication date:
24/02/2020
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-18182

Publication date:
24/02/2020
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-18183

Publication date:
24/02/2020
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-20480

Publication date:
24/02/2020
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2020

CVE-2020-8130

Publication date:
24/02/2020
There is an OS command injection vulnerability in Ruby Rake
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-20481

Publication date:
24/02/2020
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2020-5188

Publication date:
24/02/2020
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023