Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-12773

Publication date:
08/06/2020
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the built-in network monitoring tool.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2020

CVE-2020-13912

Publication date:
07/06/2020
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-13910

Publication date:
07/06/2020
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2020

CVE-2020-13909

Publication date:
07/06/2020
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2021

CVE-2020-13904

Publication date:
07/06/2020
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-13902

Publication date:
07/06/2020
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2020

CVE-2020-13897

Publication date:
07/06/2020
HESK before 3.1.10 allows reflected XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2020

CVE-2020-13894

Publication date:
07/06/2020
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2020

CVE-2020-13895

Publication date:
07/06/2020
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2020

CVE-2020-13890

Publication date:
06/06/2020
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2020

CVE-2020-13889

Publication date:
06/06/2020
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2020

CVE-2020-13881

Publication date:
06/06/2020
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022