Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-5571

Publication date:

07/01/2020

HMailServer 5.3.x and prior: Memory Corruption which could cause DOS

Severity CVSS v4.0: Pending analysis

Last modification:

08/01/2020

CVE-2020-5843

Publication date:

07/01/2020

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.

Severity CVSS v4.0: Pending analysis

Last modification:

08/01/2020

CVE-2019-6855

Publication date:

06/01/2020

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2022

CVE-2019-6856

Publication date:

06/01/2020

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Severity CVSS v4.0: Pending analysis

Last modification:

03/02/2022

CVE-2019-6857

Publication date:

06/01/2020

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

Severity CVSS v4.0: Pending analysis

Last modification:

03/02/2022

CVE-2019-6854

Publication date:

06/01/2020

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2021

CVE-2018-7794

Publication date:

06/01/2020

Severity CVSS v4.0: Pending analysis

Last modification:

03/02/2022

CVE-2014-8674

Publication date:

06/01/2020

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

10/01/2020

CVE-2014-9405

Publication date:

06/01/2020

A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

13/01/2020

CVE-2015-5951

Publication date:

06/01/2020

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

Severity CVSS v4.0: Pending analysis

Last modification:

10/01/2020

CVE-2019-18842

Publication date:

06/01/2020

A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID.

Severity CVSS v4.0: Pending analysis

Last modification:

14/02/2024

CVE-2019-20348

Publication date:

06/01/2020

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks.

Severity CVSS v4.0: Pending analysis

Last modification:

15/01/2020

Subscribe to Vulnerabilities