Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-2493

Publication date:

10/12/2020

This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2020

CVE-2020-27351

Publication date:

10/12/2020

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;

Severity CVSS v4.0: Pending analysis

Last modification:

14/12/2020

CVE-2020-2494

Publication date:

10/12/2020

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later

Severity CVSS v4.0: Pending analysis

Last modification:

14/11/2023

CVE-2020-2495

Publication date:

10/12/2020

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later

Severity CVSS v4.0: Pending analysis

Last modification:

22/06/2021

CVE-2020-2496

Publication date:

10/12/2020

Severity CVSS v4.0: Pending analysis

Last modification:

22/06/2021

CVE-2020-2497

Publication date:

10/12/2020

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later

Severity CVSS v4.0: Pending analysis

Last modification:

22/06/2021

CVE-2020-27350

Publication date:

10/12/2020

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

Severity CVSS v4.0: Pending analysis

Last modification:

29/10/2022

CVE-2020-12516

Publication date:

10/12/2020

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Severity CVSS v4.0: Pending analysis

Last modification:

08/10/2022

CVE-2020-17160

Publication date:

10/12/2020

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-17147

Publication date:

10/12/2020

Dynamics CRM Webclient Cross-site Scripting Vulnerability

Severity CVSS v4.0: Pending analysis

Last modification:

30/12/2023

CVE-2020-7339

Publication date:

10/12/2020

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.

Severity CVSS v4.0: Pending analysis

Last modification:

16/11/2023