Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2014-3979
Publication date:
27/01/2020
Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2020

CVE-2013-7390
Publication date:
27/01/2020
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2020

CVE-2013-4770
Publication date:
27/01/2020
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2020

CVE-2014-7302
Publication date:
27/01/2020
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2020

CVE-2014-7301
Publication date:
27/01/2020
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2020

CVE-2020-7950
Publication date:
27/01/2020
meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2020

CVE-2020-7949
Publication date:
27/01/2020
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2020

CVE-2019-17096
Publication date:
27/01/2020
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2020

CVE-2019-19825
Publication date:
27/01/2020
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2020

CVE-2020-7238
Publication date:
27/01/2020
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7952
Publication date:
27/01/2020
rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2020

CVE-2020-7951
Publication date:
27/01/2020
meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021
Subscribe to Vulnerabilities