Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-15289
Publication date:
17/03/2021
Rejected reason: Unused CVE for 2020
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15290
Publication date:
17/03/2021
Rejected reason: Unused CVE for 2020
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15291
Publication date:
17/03/2021
Rejected reason: Unused CVE for 2020
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15295
Publication date:
17/03/2021
Rejected reason: Unused CVE for 2020
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15296
Publication date:
17/03/2021
Rejected reason: Unused CVE for 2020
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15298
Publication date:
17/03/2021
Rejected reason: Unused CVE for 2020
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-17525
Publication date:
17/03/2021
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Severity CVSS v4.0: Pending analysis
Last modification:
01/01/2022

CVE-2021-22860
Publication date:
17/03/2021
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2021-22859
Publication date:
17/03/2021
The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2020-13924
Publication date:
17/03/2021
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2020-11230
Publication date:
17/03/2021
Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2021

CVE-2020-11299
Publication date:
17/03/2021
Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2021
Subscribe to Vulnerabilities