Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-4227
Publication date:
18/02/2020
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2020

CVE-2015-7506
Publication date:
18/02/2020
The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2020

CVE-2014-4651
Publication date:
18/02/2020
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2020

CVE-2013-4454
Publication date:
18/02/2020
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities
Severity CVSS v4.0: Pending analysis
Last modification:
21/02/2020

CVE-2015-6970
Publication date:
18/02/2020
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2020

CVE-2013-5594
Publication date:
18/02/2020
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2020

CVE-2015-1425
Publication date:
18/02/2020
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2020

CVE-2020-5530
Publication date:
18/02/2020
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2020

CVE-2020-1842
Publication date:
18/02/2020
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2020

CVE-2020-8010
Publication date:
18/02/2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2022

CVE-2020-8012
Publication date:
18/02/2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2022

CVE-2020-8011
Publication date:
18/02/2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2021
Subscribe to Vulnerabilities