Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2013-2570

Publication date:
29/01/2020
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2020

CVE-2013-2569

Publication date:
29/01/2020
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2020

CVE-2013-2568

Publication date:
29/01/2020
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2020

CVE-2020-8416

Publication date:
29/01/2020
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2013-2567

Publication date:
29/01/2020
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2020

CVE-2020-2106

Publication date:
29/01/2020
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2023

CVE-2020-2108

Publication date:
29/01/2020
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2020-2107

Publication date:
29/01/2020
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2020-2099

Publication date:
29/01/2020
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2020-2100

Publication date:
29/01/2020
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2020-2101

Publication date:
29/01/2020
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2020-2102

Publication date:
29/01/2020
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023