Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-12142
Publication date:
05/05/2020
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11495
Publication date:
05/05/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-8829
Publication date:
05/05/2020
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2020-8033
Publication date:
05/05/2020
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2020-7983
Publication date:
05/05/2020
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2019-19517
Publication date:
05/05/2020
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2020-5517
Publication date:
05/05/2020
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2022

CVE-2020-8830
Publication date:
05/05/2020
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-19515
Publication date:
05/05/2020
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2019-19514
Publication date:
05/05/2020
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2020-8799
Publication date:
05/05/2020
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2020-12104
Publication date:
05/05/2020
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024
Subscribe to Vulnerabilities