Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-7259

Publication date:
15/04/2020
Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7261

Publication date:
15/04/2020
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7273

Publication date:
15/04/2020
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7274

Publication date:
15/04/2020
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7257

Publication date:
15/04/2020
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7278

Publication date:
15/04/2020
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-10514

Publication date:
15/04/2020
iCatch DVR firmware before 20200103 does not validate function parameters properly, resulting in attackers executing arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2020-3932

Publication date:
15/04/2020
A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10511

Publication date:
15/04/2020
HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contain insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2020-10513

Publication date:
15/04/2020
The file management interface of iCatch DVR firmware before 20200103 contains broken access control, which allows an attacker to remotely manipulate arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2020-10505

Publication date:
15/04/2020
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL Injection vulnerability; an attacker can use a union-based injection query string to get the database schema and username/password.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2020

CVE-2020-10506

Publication date:
15/04/2020
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a Path Traversal vulnerability, allowing attackers to access arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2020