Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-5569
Publication date:
20/04/2020
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2020

CVE-2020-11930
Publication date:
20/04/2020
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2020

CVE-2020-11928
Publication date:
20/04/2020
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2023

CVE-2019-20786
Publication date:
19/04/2020
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020

CVE-2020-11895
Publication date:
19/04/2020
Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020

CVE-2020-11894
Publication date:
19/04/2020
Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020

CVE-2020-11887
Publication date:
17/04/2020
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2020

CVE-2020-11885
Publication date:
17/04/2020
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-11886
Publication date:
17/04/2020
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2020

CVE-2020-5737
Publication date:
17/04/2020
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020

CVE-2020-5733
Publication date:
17/04/2020
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020

CVE-2020-5732
Publication date:
17/04/2020
In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2020
Subscribe to Vulnerabilities