Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-20519

Publication date:

12/04/2021

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

Severity CVSS v4.0: Pending analysis

Last modification:

13/04/2021

CVE-2020-4920

Publication date:

12/04/2021

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

Severity CVSS v4.0: Pending analysis

Last modification:

13/04/2021

CVE-2020-4964

Publication date:

12/04/2021

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

Severity CVSS v4.0: Pending analysis

Last modification:

13/04/2021

CVE-2020-4965

Publication date:

12/04/2021

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2020-15734

Publication date:

12/04/2021

An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser&#39;s file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29.

Severity CVSS v4.0: Pending analysis

Last modification:

21/04/2021

CVE-2020-7924

Publication date:

12/04/2021

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

Severity CVSS v4.0: Pending analysis

Last modification:

16/09/2024

CVE-2021-27486

Publication date:

12/04/2021

FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

22/04/2021

CVE-2021-3465

Publication date:

12/04/2021

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-22190

Publication date:

12/04/2021

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token

Severity CVSS v4.0: Pending analysis

Last modification:

20/04/2021

CVE-2021-24024

Publication date:

12/04/2021

A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users&#39; password in log files.

Severity CVSS v4.0: Pending analysis

Last modification:

16/04/2021

CVE-2020-15942

Publication date:

12/04/2021

An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet&#39;s FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.

Severity CVSS v4.0: Pending analysis

Last modification:

28/06/2022

CVE-2019-17656

Publication date:

12/04/2021

A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

19/04/2021

Subscribe to Vulnerabilities