Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-8820

Publication date:

12/10/2020

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-8821

Publication date:

12/10/2020

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-9240

Publication date:

12/10/2020

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9110

Publication date:

12/10/2020

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim&#39;s smartphone to launch the attack, successful exploit could cause information disclosure.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-9230

Publication date:

12/10/2020

WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abnormal.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9107

Publication date:

12/10/2020

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9108

Publication date:

12/10/2020

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9091

Publication date:

12/10/2020

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9087

Publication date:

12/10/2020

Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9122

Publication date:

12/10/2020

Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9238

Publication date:

12/10/2020

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2020-9123

Publication date:

12/10/2020

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

26/10/2020

Subscribe to Vulnerabilities