Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-28367
Publication date:
18/11/2020
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-28091
Publication date:
18/11/2020
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-26554
Publication date:
18/11/2020
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-26933
Publication date:
18/11/2020
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2020

CVE-2020-28366
Publication date:
18/11/2020
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-28362
Publication date:
18/11/2020
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-26884
Publication date:
18/11/2020
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-24297
Publication date:
18/11/2020
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-28005
Publication date:
18/11/2020
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-25406
Publication date:
18/11/2020
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2020

CVE-2020-6016
Publication date:
18/11/2020
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2022

CVE-2020-28724
Publication date:
18/11/2020
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020
Subscribe to Vulnerabilities