Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-2496
Publication date:
10/12/2020
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2020-2497
Publication date:
10/12/2020
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2020-27350
Publication date:
10/12/2020
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2022

CVE-2020-12516
Publication date:
10/12/2020
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2022

CVE-2020-17160
Publication date:
10/12/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-17147
Publication date:
10/12/2020
Dynamics CRM Webclient Cross-site Scripting Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2023

CVE-2020-7339
Publication date:
10/12/2020
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2023

CVE-2020-17143
Publication date:
10/12/2020
Microsoft Exchange Server Information Disclosure Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2023

CVE-2020-17145
Publication date:
10/12/2020
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2023

CVE-2020-17148
Publication date:
10/12/2020
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2023

CVE-2020-17152
Publication date:
10/12/2020
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2023

CVE-2020-17153
Publication date:
10/12/2020
Microsoft Edge for Android Spoofing Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2023
Subscribe to Vulnerabilities