Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-1000109
Publication date:
19/02/2020
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2020

CVE-2019-20477
Publication date:
19/02/2020
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-20478
Publication date:
19/02/2020
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2015-0749
Publication date:
19/02/2020
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/02/2020

CVE-2011-2054
Publication date:
19/02/2020
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2015-9543
Publication date:
19/02/2020
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2020

CVE-2018-16994
Publication date:
18/02/2020
An issue was discovered on PHOENIX CONTACT AXL F BK PN
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2020-8633
Publication date:
18/02/2020
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2020

CVE-2020-7796
Publication date:
18/02/2020
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2026

CVE-2020-9271
Publication date:
18/02/2020
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2020

CVE-2020-9270
Publication date:
18/02/2020
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2020

CVE-2020-9268
Publication date:
18/02/2020
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2020
Subscribe to Vulnerabilities