Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-27780
Publication date:
18/12/2020
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2020

CVE-2020-14232
Publication date:
18/12/2020
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2020

CVE-2020-13527
Publication date:
18/12/2020
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/10/2022

CVE-2020-13528
Publication date:
18/12/2020
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
05/10/2022

CVE-2020-13509
Publication date:
18/12/2020
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) Using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
20/01/2023

CVE-2020-13510
Publication date:
18/12/2020
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2022

CVE-2020-13511
Publication date:
18/12/2020
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2022

CVE-2020-13516
Publication date:
18/12/2020
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2022

CVE-2020-13517
Publication date:
18/12/2020
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2022

CVE-2020-13518
Publication date:
18/12/2020
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2022

CVE-2020-12522
Publication date:
17/12/2020
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2020

CVE-2020-20139
Publication date:
17/12/2020
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2020
Subscribe to Vulnerabilities