Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-4613

Publication date:

05/02/2020

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.

Severity CVSS v4.0: Pending analysis

Last modification:

06/02/2020

CVE-2020-6174

Publication date:

05/02/2020

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

Severity CVSS v4.0: Pending analysis

Last modification:

07/02/2020

CVE-2020-7967

Publication date:

05/02/2020

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

Severity CVSS v4.0: Pending analysis

Last modification:

06/02/2020

CVE-2019-4616

Publication date:

05/02/2020

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-4670

Publication date:

05/02/2020

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2020-7968

Publication date:

05/02/2020

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-7969

Publication date:

05/02/2020

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2019-16203

Publication date:

05/02/2020

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

Severity CVSS v4.0: Pending analysis

Last modification:

01/01/2022

CVE-2019-16204

Publication date:

05/02/2020

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

Severity CVSS v4.0: Pending analysis

Last modification:

01/01/2022