Vulnerabilities

To inform, warn and help professionals deal with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-10606

Publication date:
24/07/2020
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2020

CVE-2020-10608

Publication date:
24/07/2020
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2020

CVE-2020-8174

Publication date:
24/07/2020
napi_get_value_string_*() allows various kinds of memory corruption in Node.js.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2022

CVE-2020-8207

Publication date:
24/07/2020
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2020

CVE-2020-8175

Publication date:
24/07/2020
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2020

CVE-2020-15945

Publication date:
24/07/2020
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2025

CVE-2020-14725

Publication date:
24/07/2020
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity CVSS v4.0: Pending analysis
Last modification:
28/07/2022

CVE-2020-15932

Publication date:
24/07/2020
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2020

CVE-2020-8326

Publication date:
24/07/2020
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2020

CVE-2020-8317

Publication date:
24/07/2020
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2020

CVE-2020-15860

Publication date:
24/07/2020
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
Severity CVSS v4.0: Pending analysis
Last modification:
20/01/2023

CVE-2020-14297

Publication date:
24/07/2020
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service attack and make services unavailable.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023