Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-5333

Publication date:

04/05/2020

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information.

Severity CVSS v4.0: Pending analysis

Last modification:

17/07/2020

CVE-2020-10618

Publication date:

04/05/2020

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users.

Severity CVSS v4.0: Pending analysis

Last modification:

14/09/2021

CVE-2020-10622

Publication date:

04/05/2020

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users

Severity CVSS v4.0: Pending analysis

Last modification:

06/05/2020

CVE-2020-1732

Publication date:

04/05/2020

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-12109

Publication date:

04/05/2020

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Severity CVSS v4.0: Pending analysis

Last modification:

20/01/2023

CVE-2020-12642

Publication date:

04/05/2020

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.

Severity CVSS v4.0: Pending analysis

Last modification:

07/05/2020

CVE-2017-18753

Publication date:

04/05/2020

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20734, CVE-2017-18864. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2019-20734 and CVE-2017-18864 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-18760

Publication date:

04/05/2020

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20732, CVE-2017-18865. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2019-20732 and CVE-2017-18865 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-18771

Publication date:

04/05/2020

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20738, CVE-2017-18866. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2019-20738 and CVE-2017-18866 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-18774

Publication date:

04/05/2020

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-21139, CVE-2017-18867. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2018-21139 and CVE-2017-18867 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-12640

Publication date:

04/05/2020

Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

Severity CVSS v4.0: Pending analysis

Last modification:

02/09/2022