Vulnerabilities

With the aim of informing, warning and helping professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, for users interested in this information. It includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which, by virtue of a partnership agreement, INCIBE translates into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-14240

Publication date: 05/11/2020
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Severity CVSS v4.0: Pending analysis
Last modification: 19/11/2020

CVE-2020-25398

Publication date: 05/11/2020
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.
Severity CVSS v4.0: Pending analysis
Last modification: 12/11/2020

CVE-2020-26506

Publication date: 05/11/2020
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control of files uploaded by administrative users. The accessed files were not visible to the low privileged users in the web GUI.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-25399

Publication date: 05/11/2020
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-28115

Publication date: 05/11/2020
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 10/11/2020

CVE-2020-28047

Publication date: 05/11/2020
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage.
Severity CVSS v4.0: Pending analysis
Last modification: 10/11/2020

CVE-2020-27955

Publication date: 05/11/2020
Git LFS 2.12.0 allows Remote Code Execution.
Severity CVSS v4.0: Pending analysis
Last modification: 16/12/2021

CVE-2020-27688

Publication date: 05/11/2020
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.
Severity CVSS v4.0: Pending analysis
Last modification: 13/11/2020

CVE-2020-27402

Publication date: 05/11/2020
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
Severity CVSS v4.0: Pending analysis
Last modification: 17/06/2021

CVE-2020-24849

Publication date: 05/11/2020
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-15952

Publication date: 05/11/2020
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.
Severity CVSS v4.0: Pending analysis
Last modification: 12/11/2020

CVE-2020-15951

Publication date: 05/11/2020
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021