Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-28650
Publication date:
16/11/2020
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2020

CVE-2020-28649
Publication date:
16/11/2020
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2020

CVE-2020-28656
Publication date:
16/11/2020
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-28648
Publication date:
16/11/2020
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2022

CVE-2020-28642
Publication date:
16/11/2020
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2020

CVE-2020-8271
Publication date:
16/11/2020
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2020

CVE-2020-8273
Publication date:
16/11/2020
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2020

CVE-2020-8272
Publication date:
16/11/2020
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2020

CVE-2020-2492
Publication date:
16/11/2020
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2020

CVE-2020-8269
Publication date:
16/11/2020
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020

CVE-2020-8270
Publication date:
16/11/2020
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020

CVE-2020-5666
Publication date:
16/11/2020
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020
Subscribe to Vulnerabilities