Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-13136
Publication date:
18/05/2020
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2023

CVE-2020-6092
Publication date:
18/05/2020
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2022

CVE-2020-6093
Publication date:
18/05/2020
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2022

CVE-2019-19456
Publication date:
18/05/2020
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2020

CVE-2019-19454
Publication date:
18/05/2020
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2020

CVE-2020-6074
Publication date:
18/05/2020
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022

CVE-2020-11550
Publication date:
18/05/2020
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-11551
Publication date:
18/05/2020
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-7246
Publication date:
18/05/2020
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-7247
Publication date:
18/05/2020
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-11549
Publication date:
18/05/2020
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2020

CVE-2020-12801
Publication date:
18/05/2020
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2023
Subscribe to Vulnerabilities