Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-29129
Publication date:
26/11/2020
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-26936
Publication date:
26/11/2020
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-29042
Publication date:
26/11/2020
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2020

CVE-2020-29043
Publication date:
26/11/2020
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-29065
Publication date:
26/11/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-27207
Publication date:
26/11/2020
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020

CVE-2020-27662
Publication date:
26/11/2020
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-27663
Publication date:
26/11/2020
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-13886
Publication date:
26/11/2020
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2022

CVE-2020-7779
Publication date:
26/11/2020
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-7778
Publication date:
26/11/2020
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-29128
Publication date:
26/11/2020
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020
Subscribe to Vulnerabilities