Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-11483
Publication date:
29/10/2020
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2020

CVE-2020-27986
Publication date:
28/10/2020
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2020-27981
Publication date:
28/10/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24711
Publication date:
28/10/2020
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2020

CVE-2020-24707
Publication date:
28/10/2020
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2020

CVE-2020-24713
Publication date:
28/10/2020
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2020

CVE-2020-24710
Publication date:
28/10/2020
Gophish before 0.11.0 allows SSRF attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2020

CVE-2020-24712
Publication date:
28/10/2020
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2020

CVE-2020-24708
Publication date:
28/10/2020
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2020

CVE-2020-24709
Publication date:
28/10/2020
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2020

CVE-2020-25374
Publication date:
28/10/2020
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-27742
Publication date:
28/10/2020
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2020
Subscribe to Vulnerabilities