Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-8133
Publication date:
09/11/2020
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8150
Publication date:
09/11/2020
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2022

CVE-2020-25655
Publication date:
09/11/2020
An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24353
Publication date:
09/11/2020
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2020

CVE-2020-15297
Publication date:
09/11/2020
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294.
Severity CVSS v4.0: Pending analysis
Last modification:
24/11/2020

CVE-2020-28351
Publication date:
09/11/2020
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2020

CVE-2020-28349
Publication date:
09/11/2020
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2020-24400
Publication date:
09/11/2020
Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2020

CVE-2020-24401
Publication date:
09/11/2020
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2020

CVE-2020-24407
Publication date:
09/11/2020
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2020

CVE-2020-24406
Publication date:
09/11/2020
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2020

CVE-2020-24402
Publication date:
09/11/2020
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2022
Subscribe to Vulnerabilities