Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-1978

Publication date:
08/04/2020
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. This issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us. The TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2020

CVE-2020-10980

Publication date:
08/04/2020
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2020

CVE-2020-1988

Publication date:
08/04/2020
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or on the Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2020

CVE-2020-1989

Publication date:
08/04/2020
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2020

CVE-2020-10978

Publication date:
08/04/2020
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10979

Publication date:
08/04/2020
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10981

Publication date:
08/04/2020
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-1987

Publication date:
08/04/2020
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2021

CVE-2020-10814

Publication date:
08/04/2020
A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2020

CVE-2020-10976

Publication date:
08/04/2020
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2020

CVE-2020-10975

Publication date:
08/04/2020
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10977

Publication date:
08/04/2020
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2022