Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-11758
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11759
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11765
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11760
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11761
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11762
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11763
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11764
Publication date:
14/04/2020
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-11003
Publication date:
14/04/2020
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2020

CVE-2020-11005
Publication date:
14/04/2020
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2020

CVE-2020-11001
Publication date:
14/04/2020
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision<br /> comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail<br /> admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform<br /> actions with that user&amp;#39;s credentials. The vulnerability is not exploitable by an ordinary site visitor without access to<br /> the Wagtail admin.<br /> <br /> Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch).
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2020-8324
Publication date:
14/04/2020
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2020
Subscribe to Vulnerabilities