Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-5208
Publication date:
05/02/2020
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-5237
Publication date:
05/02/2020
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2021

CVE-2020-8631
Publication date:
05/02/2020
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2021

CVE-2015-2802
Publication date:
04/02/2020
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2021

CVE-2019-12528
Publication date:
04/02/2020
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-10786
Publication date:
04/02/2020
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-10787
Publication date:
04/02/2020
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-10788
Publication date:
04/02/2020
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2020-8121
Publication date:
04/02/2020
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2020

CVE-2020-8122
Publication date:
04/02/2020
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2020

CVE-2020-8124
Publication date:
04/02/2020
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2020-8449
Publication date:
04/02/2020
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities