Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-4366

Publication date:

02/06/2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.

Severity CVSS v4.0: Pending analysis

Last modification:

02/06/2020

CVE-2020-4360

Publication date:

02/06/2020

Severity CVSS v4.0: Pending analysis

Last modification:

02/06/2020

CVE-2020-10959

Publication date:

02/06/2020

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

Severity CVSS v4.0: Pending analysis

Last modification:

02/06/2020

CVE-2020-13228

Publication date:

02/06/2020

An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2020-13659

Publication date:

02/06/2020

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.

Severity CVSS v4.0: Pending analysis

Last modification:

16/11/2022

CVE-2020-10739

Publication date:

02/06/2020

Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-10703

Publication date:

02/06/2020

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

01/04/2024

CVE-2020-10136

Publication date:

02/06/2020

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2020-13757

Publication date:

01/06/2020

Python-RSA before 4.1 ignores leading &#39;\0&#39; bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-13758

Publication date:

01/06/2020

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.

Severity CVSS v4.0: Pending analysis

Last modification:

02/06/2020

CVE-2020-9291

Publication date:

01/06/2020

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2021

CVE-2019-15709

Publication date:

01/06/2020

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.

Severity CVSS v4.0: Pending analysis

Last modification:

03/06/2020

Subscribe to Vulnerabilities