Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-16116

Publication date: 03/08/2020
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-8575

Publication date: 03/08/2020
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification: 09/08/2020

CVE-2020-8574

Publication date: 03/08/2020
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2020

CVE-2020-16272

Publication date: 03/08/2020
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
Severity CVSS v4.0: Pending analysis
Last modification: 07/08/2020

CVE-2020-16271

Publication date: 03/08/2020
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
Severity CVSS v4.0: Pending analysis
Last modification: 07/08/2020

CVE-2020-12739

Publication date: 03/08/2020
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-14319

Publication date: 03/08/2020
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2020

CVE-2020-13820

Publication date: 03/08/2020
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-16131

Publication date: 03/08/2020
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
Severity CVSS v4.0: Pending analysis
Last modification: 04/08/2020

CVE-2020-16269

Publication date: 03/08/2020
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2015-9549

Publication date: 03/08/2020
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.
Severity CVSS v4.0: Pending analysis
Last modification: 10/11/2020

CVE-2019-19453

Publication date: 03/08/2020
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.
Severity CVSS v4.0: Pending analysis
Last modification: 10/02/2023