Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-4478

Publication date:
12/05/2020
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-4195

Publication date:
12/05/2020
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2020

CVE-2020-10741

Publication date:
12/05/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12826. Reason: This candidate is a duplicate of CVE-2020-12826. Notes: All CVE users should reference CVE-2020-12826 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-9310

Publication date:
12/05/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-4346

Publication date:
12/05/2020
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-8159

Publication date:
12/05/2020
There is a vulnerability in actionpack_page-caching gem
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8154

Publication date:
12/05/2020
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8155

Publication date:
12/05/2020
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8156

Publication date:
12/05/2020
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2020-8153

Publication date:
12/05/2020
Improper access control in Groupfolders app 4.0.3 allowed deleting hidden directories when renaming an accessible item to the same name.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8151

Publication date:
12/05/2020
There is a possible information disclosure issue in Active Resource
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11072

Publication date:
12/05/2020
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additionally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2020