Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-8615

Publication date: 04/02/2020
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
Severity CVSS v4.0: Pending analysis
Last modification: 01/01/2022

CVE-2020-8123

Publication date: 04/02/2020
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application.
Severity CVSS v4.0: Pending analysis
Last modification: 06/02/2020

CVE-2020-8125

Publication date: 04/02/2020
A flaw in input validation in the npm package klona version 1.1.0 and earlier may allow a prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
Severity CVSS v4.0: Pending analysis
Last modification: 06/02/2020

CVE-2020-8450

Publication date: 04/02/2020
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-8517

Publication date: 04/02/2020
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-8120

Publication date: 04/02/2020
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the SVG generation.
Severity CVSS v4.0: Pending analysis
Last modification: 11/05/2023

CVE-2020-8119

Publication date: 04/02/2020
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
Severity CVSS v4.0: Pending analysis
Last modification: 16/02/2020

CVE-2020-8115

Publication date: 04/02/2020
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver
Severity CVSS v4.0: Pending analysis
Last modification: 11/02/2020

CVE-2020-8117

Publication date: 04/02/2020
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
Severity CVSS v4.0: Pending analysis
Last modification: 06/02/2020

CVE-2020-6060

Publication date: 04/02/2020
A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server.
Severity CVSS v4.0: Pending analysis
Last modification: 07/06/2022

CVE-2020-8118

Publication date: 04/02/2020
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application.
Severity CVSS v4.0: Pending analysis
Last modification: 22/12/2021

CVE-2020-8116

Publication date: 04/02/2020
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Severity CVSS v4.0: Pending analysis
Last modification: 05/08/2022