Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily of the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-7053

Publication date: 14/01/2020
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-7054

Publication date: 14/01/2020
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
Severity CVSS v4.0: Pending analysis
Last modification: 24/01/2020

CVE-2011-3183

Publication date: 14/01/2020
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2011-3202

Publication date: 14/01/2020
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2011-2933

Publication date: 14/01/2020
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2011-2934

Publication date: 14/01/2020
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2011-2706

Publication date: 14/01/2020
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2019-16784

Publication date: 14/01/2020
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) whose "TempPath" resolves to a world-writable directory. This is the case, for example, if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable, the software has to be (re)started after the attacker launches the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2020

CVE-2011-3203

Publication date: 14/01/2020
A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2019-13722

Publication date: 14/01/2020
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-5509

Publication date: 14/01/2020
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
Severity CVSS v4.0: Pending analysis
Last modification: 14/11/2023

CVE-2020-6173

Publication date: 14/01/2020
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.
Severity CVSS v4.0: Pending analysis
Last modification: 21/01/2020