Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-15709
Publication date:
01/06/2020
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2020

CVE-2020-13695
Publication date:
01/06/2020
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2014-8939
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8940
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8941
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8942
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows CSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8943
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8944
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8945
Publication date:
01/06/2020
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8937
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8938
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-9702
Publication date:
01/06/2020
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2020
Subscribe to Vulnerabilities