Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-12418

Publication date:

09/07/2020

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2023

CVE-2020-12419

Publication date:

09/07/2020

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2023

CVE-2020-12420

Publication date:

09/07/2020

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR

Severity CVSS v4.0: Pending analysis

Last modification:

03/05/2022

CVE-2020-12406

Publication date:

09/07/2020

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2023

CVE-2020-12407

Publication date:

09/07/2020

Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-12408

Publication date:

09/07/2020

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-12410

Publication date:

09/07/2020

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird

Severity CVSS v4.0: Pending analysis

Last modification:

03/05/2022

CVE-2020-12411

Publication date:

09/07/2020

Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-12415

Publication date:

09/07/2020

When "%2F" was present in a manifest URL, Firefox&#39;s AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2023

CVE-2020-12416

Publication date:

09/07/2020

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

03/05/2022

CVE-2020-12417

Publication date:

09/07/2020

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR

Severity CVSS v4.0: Pending analysis

Last modification:

03/05/2022

CVE-2020-12402

Publication date:

09/07/2020

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

Subscribe to Vulnerabilities