Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-28005

Publication date:
18/11/2020
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-25406

Publication date:
18/11/2020
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020

CVE-2020-6016

Publication date:
18/11/2020
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in memory corruption and probably even remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2022

CVE-2020-28724

Publication date:
18/11/2020
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-7564

Publication date:
18/11/2020
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-7563

Publication date:
18/11/2020
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-7562

Publication date:
18/11/2020
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-28361

Publication date:
18/11/2020
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow a skilled attacker with a valid credential in the system to disrupt internal call start/duration accounting mechanisms, potentially leading to a loss of revenue.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020

CVE-2020-24723

Publication date:
18/11/2020
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2024

CVE-2020-28917

Publication date:
18/11/2020
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-28915

Publication date:
18/11/2020
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2020

CVE-2020-28183

Publication date:
17/11/2020
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020