Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-9084

Publication date:
18/09/2020
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2020-16230

Publication date:
18/09/2020
All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2021

CVE-2020-7945

Publication date:
18/09/2020
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2020

CVE-2020-16247

Publication date:
18/09/2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2020-16200

Publication date:
18/09/2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2020-25766

Publication date:
18/09/2020
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Severity CVSS v4.0: Pending analysis
Last modification:
27/09/2020

CVE-2020-3979

Publication date:
18/09/2020
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-15181

Publication date:
18/09/2020
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2021

CVE-2020-14506

Publication date:
18/09/2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2020-14525

Publication date:
18/09/2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2020-16198

Publication date:
18/09/2020
When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2020-14029

Publication date:
18/09/2020
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
Severity CVSS v4.0: Pending analysis
Last modification:
26/09/2020