Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-13898
Publication date:
10/06/2020
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2021

CVE-2020-13900
Publication date:
10/06/2020
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2021

CVE-2020-13899
Publication date:
10/06/2020
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-5363
Publication date:
10/06/2020
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2020

CVE-2020-5362
Publication date:
10/06/2020
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2020

CVE-2020-4043
Publication date:
10/06/2020
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high. Newer phpMussel versions don't use PHP's phar wrapper, and are therefore unaffected. This has been fixed in version 1.6.0.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2020

CVE-2020-13238
Publication date:
10/06/2020
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2020

CVE-2020-11622
Publication date:
10/06/2020
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2020

CVE-2020-10705
Publication date:
10/06/2020
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2022

CVE-2020-13906
Publication date:
10/06/2020
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2020

CVE-2020-13905
Publication date:
10/06/2020
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2020

CVE-2020-12757
Publication date:
10/06/2020
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2020
Subscribe to Vulnerabilities