Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-12470

Publication date:
29/04/2020
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2019-16011

Publication date:
29/04/2020
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2023

CVE-2020-11024

Publication date:
29/04/2020
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2021

CVE-2020-12467

Publication date:
29/04/2020
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2020

CVE-2020-12468

Publication date:
29/04/2020
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2020

CVE-2020-11023

Publication date:
29/04/2020
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2020-12472

Publication date:
29/04/2020
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2020-12473

Publication date:
29/04/2020
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-12465

Publication date:
29/04/2020
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2020-11020

Publication date:
29/04/2020
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5 have the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2020

CVE-2020-11021

Publication date:
29/04/2020
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header, 2. that request leads to a redirect (302), and 3. the redirect url redirects to another domain or hostname. Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2021

CVE-2020-12464

Publication date:
29/04/2020
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023