Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-24347

Publication date:
13/08/2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2020-24343

Publication date:
13/08/2020
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2020

CVE-2020-24344

Publication date:
13/08/2020
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2020

CVE-2020-24345

Publication date:
13/08/2020
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2020-24342

Publication date:
13/08/2020
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24330

Publication date:
13/08/2020
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24331

Publication date:
13/08/2020
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24332

Publication date:
13/08/2020
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-0261

Publication date:
13/08/2020
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-146059841
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-17498

Publication date:
13/08/2020
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-14483

Publication date:
13/08/2020
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2020

CVE-2020-11733

Publication date:
13/08/2020
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021