Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-8258

Publication date:
14/12/2020
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020

CVE-2020-8282

Publication date:
14/12/2020
A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020

CVE-2020-8283

Publication date:
14/12/2020
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2020

CVE-2020-8169

Publication date:
14/12/2020
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2022

CVE-2020-29510

Publication date:
14/12/2020
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2021

CVE-2020-8231

Publication date:
14/12/2020
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8284

Publication date:
14/12/2020
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2024

CVE-2020-8285

Publication date:
14/12/2020
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8177

Publication date:
14/12/2020
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2022

CVE-2020-29509

Publication date:
14/12/2020
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2020-29511

Publication date:
14/12/2020
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2020-25187

Publication date:
14/12/2020
Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allow an attacker to remotely execute code on the MCL Smart Patient Reader, potentially leading to control of the device.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2025