Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-24387
Publication date:
19/10/2020
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24388
Publication date:
19/10/2020
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24375
Publication date:
19/10/2020
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2020

CVE-2020-11496
Publication date:
19/10/2020
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-15822
Publication date:
19/10/2020
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2020

CVE-2020-7195
Publication date:
19/10/2020
A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2020-7194
Publication date:
19/10/2020
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2020-7193
Publication date:
19/10/2020
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2020-7180
Publication date:
19/10/2020
A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2020-7178
Publication date:
19/10/2020
A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2020-7179
Publication date:
19/10/2020
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020

CVE-2020-7177
Publication date:
19/10/2020
A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2020
Subscribe to Vulnerabilities