Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-8941
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8942
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows CSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8943
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8944
Publication date:
01/06/2020
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-8945
Publication date:
01/06/2020
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-7173
Publication date:
01/06/2020
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-7174
Publication date:
01/06/2020
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2014-7175
Publication date:
01/06/2020
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2020-13448
Publication date:
01/06/2020
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2021

CVE-2020-13694
Publication date:
01/06/2020
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2020

CVE-2020-12062
Publication date:
01/06/2020
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2019-5334
Publication date:
01/06/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities