Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-11655
Publication date:
09/04/2020
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022

CVE-2020-11656
Publication date:
09/04/2020
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022

CVE-2020-11653
Publication date:
08/04/2020
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2022

CVE-2020-11650
Publication date:
08/04/2020
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-20637
Publication date:
08/04/2020
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2022

CVE-2020-2732
Publication date:
08/04/2020
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2020

CVE-2020-1627
Publication date:
08/04/2020
A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service. Flow cache is specific to vMX based products and the MX150, and is enabled by default in performance mode. This issue can only be triggered by traffic destined to the device. Transit traffic will not cause the riot daemon to crash. When the issue occurs, a core dump and riot log file entry are generated. For example: /var/crash/core.J-UKERN.mpc0.1557255993.3864.gz /home/pfe/RIOT logs: fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc(): fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc(): This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3 on vMX and MX150; 18.2 versions prior to 18.2R3 on vMX and MX150; 18.2X75 versions prior to 18.2X75-D60 on vMX and MX150; 18.3 versions prior to 18.3R3 on vMX and MX150; 18.4 versions prior to 18.4R2 on vMX and MX150; 19.1 versions prior to 19.1R2 on vMX and MX150. This issue does not affect Junos OS versions prior to 18.1R1.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-1634
Publication date:
08/04/2020
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2021

CVE-2020-1637
Publication date:
08/04/2020
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/11/2021

CVE-2020-1628
Publication date:
08/04/2020
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions prior to 16.1R7-S7 on EX4300; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions prior to 18.1R3-S8 on EX4300; 18.2 versions prior to 18.2R3-S2 on EX4300; 18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2021

CVE-2020-1629
Publication date:
08/04/2020
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2022

CVE-2020-1630
Publication date:
08/04/2020
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S14; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R4-S13, 16.1R7-S6; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3-S1; 18.2 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D420, 18.2X75-D60, 18.2X75-D411; 18.3 versions prior to 18.3R1-S5, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2021
Subscribe to Vulnerabilities