Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-8774

Publication date:
29/04/2020
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2020

CVE-2020-2575

Publication date:
29/04/2020
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-12252

Publication date:
29/04/2020
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2020

CVE-2020-12446

Publication date:
29/04/2020
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-12251

Publication date:
29/04/2020
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2020

CVE-2020-11677

Publication date:
29/04/2020
Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2020-11676

Publication date:
29/04/2020
Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2020-11675

Publication date:
29/04/2020
Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2020-11674

Publication date:
29/04/2020
Cerner medico 26.00 allows variable reuse, possibly causing data corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-11446

Publication date:
29/04/2020
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-4288

Publication date:
29/04/2020
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10797

Publication date:
29/04/2020
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2020