Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-7208

Publication date:

13/02/2020

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.

Severity CVSS v4.0: Pending analysis

Last modification:

18/02/2020

CVE-2020-5241

Publication date:

13/02/2020

matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4.

Severity CVSS v4.0: Pending analysis

Last modification:

18/02/2020

CVE-2019-18915

Publication date:

13/02/2020

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.

Severity CVSS v4.0: Pending analysis

Last modification:

01/01/2022

CVE-2020-7209

Publication date:

13/02/2020

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

Severity CVSS v4.0: Pending analysis

Last modification:

01/01/2022

CVE-2019-5322

Publication date:

13/02/2020

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2018-3987

Publication date:

13/02/2020

An exploitable information disclosure vulnerability exists in the &#39;Secret Chats&#39; functionality of Rakuten Viber on Android 9.3.0.6. The &#39;Secret Chats&#39; functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

Severity CVSS v4.0: Pending analysis

Last modification:

03/02/2023

CVE-2020-6975

Publication date:

12/02/2020

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.

Severity CVSS v4.0: Pending analysis

Last modification:

21/02/2020

CVE-2020-1975

Publication date:

12/02/2020

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.

Severity CVSS v4.0: Pending analysis

Last modification:

18/02/2020

CVE-2020-1976

Publication date:

12/02/2020

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

Severity CVSS v4.0: Pending analysis

Last modification:

04/05/2020

CVE-2020-1977

Publication date:

12/02/2020

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Severity CVSS v4.0: Pending analysis

Last modification:

30/12/2021

CVE-2020-8955

Publication date:

12/02/2020

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2013-6022

Publication date:

12/02/2020

A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

18/02/2020

Subscribe to Vulnerabilities