Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-35720

Publication date:

11/01/2021

Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2020-35719

Publication date:

11/01/2021

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2020-35206

Publication date:

11/01/2021

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2020-35203

Publication date:

11/01/2021

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2020-35204

Publication date:

11/01/2021

Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2020-35205

Publication date:

11/01/2021

Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2020-5147

Publication date:

09/01/2021

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

Severity CVSS v4.0: Pending analysis

Last modification:

21/09/2021

CVE-2020-5146

Publication date:

09/01/2021

A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.

Severity CVSS v4.0: Pending analysis

Last modification:

14/01/2021

CVE-2020-4691

Publication date:

08/01/2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.

Severity CVSS v4.0: Pending analysis

Last modification:

11/01/2021

CVE-2020-4697

Publication date:

08/01/2021

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.

Severity CVSS v4.0: Pending analysis

Last modification:

11/01/2021

CVE-2020-4733

Publication date:

08/01/2021

Severity CVSS v4.0: Pending analysis

Last modification:

11/01/2021

CVE-2020-4487

Publication date:

08/01/2021

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.

Severity CVSS v4.0: Pending analysis

Last modification:

11/01/2021

Subscribe to Vulnerabilities