Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-10123
Publication date:
21/08/2020
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2020-24591
Publication date:
21/08/2020
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2022

CVE-2020-24590
Publication date:
21/08/2020
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2020

CVE-2020-24589
Publication date:
21/08/2020
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-11862
Publication date:
21/08/2020
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-14201
Publication date:
21/08/2020
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-11848
Publication date:
21/08/2020
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2022

CVE-2019-11849
Publication date:
21/08/2020
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2022

CVE-2019-11850
Publication date:
21/08/2020
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2022

CVE-2019-11852
Publication date:
21/08/2020
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2022

CVE-2019-11853
Publication date:
21/08/2020
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2022

CVE-2019-11855
Publication date:
21/08/2020
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2022
Subscribe to Vulnerabilities