Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-8159

Publication date:
12/05/2020
There is a vulnerability in actionpack_page-caching gem
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8154

Publication date:
12/05/2020
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8155

Publication date:
12/05/2020
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8156

Publication date:
12/05/2020
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man-in-the-middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2020-8153

Publication date:
12/05/2020
Improper access control in Groupfolders app 4.0.3 allowed hidden directories to be deleted when renaming an accessible item to the same name.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8151

Publication date:
12/05/2020
There is a possible information disclosure issue in Active Resource
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11072

Publication date:
12/05/2020
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additionally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2020

CVE-2020-11071

Publication date:
12/05/2020
SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2020

CVE-2020-10060

Publication date:
11/05/2020
In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2021

CVE-2020-10067

Publication date:
11/05/2020
A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2020

CVE-2017-14200

Publication date:
11/05/2020
Rejected reason: Unused CVE for 2017
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-10025

Publication date:
11/05/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10067. Reason: This candidate is a reservation duplicate of CVE-2020-10067. Notes: All CVE users should reference CVE-2020-10067 instead of this candidate
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023