Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-8474

Publication date:

22/04/2020

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2020

CVE-2020-8477

Publication date:

22/04/2020

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2020

CVE-2020-4085

Publication date:

22/04/2020

"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2019-19104

Publication date:

22/04/2020

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2021

CVE-2018-21115

Publication date:

22/04/2020

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

CVE-2018-21117

Publication date:

22/04/2020

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

CVE-2018-21116

Publication date:

22/04/2020

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

CVE-2018-21113

Publication date:

22/04/2020

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

Severity CVSS v4.0: Pending analysis

Last modification:

24/04/2020

CVE-2018-21114

Publication date:

22/04/2020

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Severity CVSS v4.0: Pending analysis

Last modification:

24/04/2020

CVE-2018-21112

Publication date:

22/04/2020

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

CVE-2018-21111

Publication date:

22/04/2020

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.

Severity CVSS v4.0: Pending analysis

Last modification:

27/04/2020

CVE-2017-18786

Publication date:

22/04/2020

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Severity CVSS v4.0: Pending analysis

Last modification:

27/04/2020

Subscribe to Vulnerabilities