Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-21270

Publication date:
03/12/2020
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2021

CVE-2020-26248

Publication date:
03/12/2020
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2022

CVE-2020-29534

Publication date:
03/12/2020
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2021

CVE-2020-29529

Publication date:
03/12/2020
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2021

CVE-2020-23736

Publication date:
03/12/2020
There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816. Attackers can use constructed programs to cause computer crashes (BSOD).
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2020

CVE-2020-23738

Publication date:
03/12/2020
There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD).
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2020

CVE-2020-23741

Publication date:
03/12/2020
In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability. Attackers can use a constructed program to cause a computer crash (BSOD).
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2020

CVE-2020-17527

Publication date:
03/12/2020
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-23740

Publication date:
03/12/2020
In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard. Attackers can use constructed programs to increase user privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-23727

Publication date:
03/12/2020
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2020

CVE-2020-28175

Publication date:
03/12/2020
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-13524

Publication date:
03/12/2020
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022