Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-20409

Publication date:
23/06/2020
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2020

CVE-2020-12782

Publication date:
23/06/2020
Openfind MailGates contains a command injection flaw: when it receives email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-14946

Publication date:
22/06/2020
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2023

CVE-2020-4033

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-4032

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-4031

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-4030

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11096

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11097

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11098

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is an out-of-bounds read in glyph_cache_put. This affects all FreeRDP clients with the `+glyph-cache` option enabled. This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11099

Publication date:
22/06/2020
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-14943

Publication date:
22/06/2020
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2023