Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-8317
Publication date:
24/07/2020
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2020

CVE-2020-15860
Publication date:
24/07/2020
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
Severity CVSS v4.0: Pending analysis
Last modification:
20/01/2023

CVE-2020-14297
Publication date:
24/07/2020
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2020-14307
Publication date:
24/07/2020
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2020-15778
Publication date:
24/07/2020
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Severity CVSS v4.0: Pending analysis
Last modification:
28/07/2025

CVE-2020-14175
Publication date:
24/07/2020
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2022

CVE-2020-15921
Publication date:
24/07/2020
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2022

CVE-2020-15922
Publication date:
24/07/2020
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
Severity CVSS v4.0: Pending analysis
Last modification:
01/01/2022

CVE-2020-15924
Publication date:
24/07/2020
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2020

CVE-2020-15923
Publication date:
24/07/2020
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2020

CVE-2020-15920
Publication date:
24/07/2020
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
Severity CVSS v4.0: Pending analysis
Last modification:
20/01/2023

CVE-2020-15919
Publication date:
24/07/2020
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2020
Subscribe to Vulnerabilities