Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-24012

Publication date:

02/06/2021

An improper following of a certificate&#39;s chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.

Severity CVSS v4.0: Pending analysis

Last modification:

14/06/2021

CVE-2021-23894

Publication date:

02/06/2021

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

Severity CVSS v4.0: Pending analysis

Last modification:

15/11/2023

CVE-2020-14388

Publication date:

02/06/2021

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API&#39;s admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2022

CVE-2020-14380

Publication date:

02/06/2021

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2023

CVE-2020-14340

Publication date:

02/06/2021

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2022

CVE-2020-14371

Publication date:

02/06/2021

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

Severity CVSS v4.0: Pending analysis

Last modification:

11/06/2021

CVE-2020-14326

Publication date:

02/06/2021

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

15/07/2022

CVE-2020-14335

Publication date:

02/06/2021

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2023

CVE-2020-14336

Publication date:

02/06/2021

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2023

CVE-2020-14317

Publication date:

02/06/2021

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

Severity CVSS v4.0: Pending analysis

Last modification:

10/06/2021

CVE-2020-10771

Publication date:

02/06/2021

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

Severity CVSS v4.0: Pending analysis

Last modification:

30/11/2021

CVE-2020-6641

Publication date:

02/06/2021

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.

Severity CVSS v4.0: Pending analysis

Last modification:

03/05/2022

Subscribe to Vulnerabilities