Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-27628
Publication date:
16/11/2020
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
Severity CVSS v4.0: Pending analysis
Last modification:
23/11/2020

CVE-2020-25013
Publication date:
16/11/2020
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2020

CVE-2020-25207
Publication date:
16/11/2020
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2020

CVE-2020-27459
Publication date:
16/11/2020
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24366
Publication date:
16/11/2020
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25209
Publication date:
16/11/2020
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-25210
Publication date:
16/11/2020
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-8897
Publication date:
16/11/2020
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2020

CVE-2020-7765
Publication date:
16/11/2020
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-7773
Publication date:
16/11/2020
This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.">js}'); console.log(reuslt_xss);
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2020

CVE-2020-5664
Publication date:
16/11/2020
Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2020

CVE-2020-5663
Publication date:
16/11/2020
Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2020
Subscribe to Vulnerabilities