Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-4434

Publication date:

10/06/2020

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2020-4436

Publication date:

10/06/2020

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2020-6246

Publication date:

10/06/2020

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

16/06/2020

CVE-2020-6260

Publication date:

10/06/2020

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.

Severity CVSS v4.0: Pending analysis

Last modification:

16/06/2020

CVE-2020-4433

Publication date:

10/06/2020

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-4435

Publication date:

10/06/2020

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-6239

Publication date:

10/06/2020

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-4432

Publication date:

10/06/2020

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2019-4576

Publication date:

10/06/2020

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.

Severity CVSS v4.0: Pending analysis

Last modification:

16/06/2020

CVE-2019-3585

Publication date:

10/06/2020

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2019-3588

Publication date:

10/06/2020

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-7280

Publication date:

10/06/2020

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

Subscribe to Vulnerabilities