Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-27873
Publication date:
04/02/2021
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2020-27872
Publication date:
04/02/2021
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2020-28450
Publication date:
04/02/2021
This affects all versions of package decal. The vulnerability is in the extend function.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2020-28449
Publication date:
04/02/2021
This affects all versions of package decal. The vulnerability is in the set function.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2021

CVE-2020-16194
Publication date:
04/02/2021
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-14247
Publication date:
04/02/2021
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2021

CVE-2020-14245
Publication date:
04/02/2021
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-14246
Publication date:
04/02/2021
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-13586
Publication date:
04/02/2021
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
23/07/2022

CVE-2020-27249
Publication date:
04/02/2021
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2022

CVE-2020-27248
Publication date:
04/02/2021
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2022

CVE-2020-27247
Publication date:
04/02/2021
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2022
Subscribe to Vulnerabilities