Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-11674
Publication date:
29/04/2020
Cerner medico 26.00 allows variable reuse, possibly causing data corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-11446
Publication date:
29/04/2020
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-4288
Publication date:
29/04/2020
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10797
Publication date:
29/04/2020
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2020

CVE-2019-4286
Publication date:
29/04/2020
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-20781
Publication date:
29/04/2020
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2017-18860
Publication date:
29/04/2020
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2022

CVE-2019-16653
Publication date:
29/04/2020
An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2018-21232
Publication date:
29/04/2020
re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2020

CVE-2017-18855
Publication date:
29/04/2020
NETGEAR WNR854T devices before 1.5.2 are affected by command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2020

CVE-2017-18856
Publication date:
29/04/2020
NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020

CVE-2017-18854
Publication date:
29/04/2020
NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2020
Subscribe to Vulnerabilities