Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-18765
Publication date:
22/04/2020
Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2020

CVE-2019-19106
Publication date:
22/04/2020
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2021

CVE-2019-19107
Publication date:
22/04/2020
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2021

CVE-2019-19105
Publication date:
22/04/2020
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2020

CVE-2020-8474
Publication date:
22/04/2020
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2020

CVE-2020-8477
Publication date:
22/04/2020
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2020

CVE-2020-4085
Publication date:
22/04/2020
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-19104
Publication date:
22/04/2020
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2021

CVE-2018-21112
Publication date:
22/04/2020
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020

CVE-2018-21113
Publication date:
22/04/2020
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2020

CVE-2018-21114
Publication date:
22/04/2020
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2020

CVE-2018-21115
Publication date:
22/04/2020
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020
Subscribe to Vulnerabilities