Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-15269

Publication date:

20/10/2020

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.

Severity CVSS v4.0: Pending analysis

Last modification:

18/11/2021

CVE-2020-15931

Publication date:

20/10/2020

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2019-9080

Publication date:

20/10/2020

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-24765

Publication date:

20/10/2020

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-7370

Publication date:

20/10/2020

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko&#39;s Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions.

Severity CVSS v4.0: Pending analysis

Last modification:

21/10/2020

CVE-2020-7369

Publication date:

20/10/2020

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020.

Severity CVSS v4.0: Pending analysis

Last modification:

21/10/2020

CVE-2020-3995

Publication date:

20/10/2020

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

Severity CVSS v4.0: Pending analysis

Last modification:

30/10/2020

CVE-2020-7371

Publication date:

20/10/2020

Severity CVSS v4.0: Pending analysis

Last modification:

29/10/2020

CVE-2020-7363

Publication date:

20/10/2020

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb&#39;s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb&#39;s UC Browser version 13.0.8 and prior versions.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2020

CVE-2020-7364

Publication date:

20/10/2020

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2020

CVE-2020-3993

Publication date:

20/10/2020

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

Severity CVSS v4.0: Pending analysis

Last modification:

13/08/2025

CVE-2020-3982

Publication date:

20/10/2020

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine&#39;s vmx process or corrupt hypervisor&#39;s memory heap.

Severity CVSS v4.0: Pending analysis

Last modification:

30/10/2020

Subscribe to Vulnerabilities