Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-13646
Publication date:
05/06/2020
In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020f8, 0x830020E0, 0x830020E4, or 0x8300210c.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2020

CVE-2020-13870
Publication date:
05/06/2020
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2020

CVE-2020-13869
Publication date:
05/06/2020
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2020

CVE-2020-13868
Publication date:
05/06/2020
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2020

CVE-2020-5591
Publication date:
05/06/2020
XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2020

CVE-2020-13867
Publication date:
05/06/2020
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-10071
Publication date:
05/06/2020
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2020

CVE-2020-10061
Publication date:
05/06/2020
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2021

CVE-2020-10062
Publication date:
05/06/2020
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2020

CVE-2020-10063
Publication date:
05/06/2020
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2020

CVE-2020-10068
Publication date:
05/06/2020
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2020

CVE-2020-10070
Publication date:
05/06/2020
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2020
Subscribe to Vulnerabilities