Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-13903
Publication date:
12/10/2020
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12254. Reason: This candidate is a reservation duplicate of CVE-2020-12254. Notes: All CVE users should reference CVE-2020-12254 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-25825
Publication date:
12/10/2020
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2020

CVE-2020-12670
Publication date:
12/10/2020
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-8820
Publication date:
12/10/2020
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-8821
Publication date:
12/10/2020
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-9240
Publication date:
12/10/2020
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-9110
Publication date:
12/10/2020
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-9230
Publication date:
12/10/2020
WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abnormal.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-9107
Publication date:
12/10/2020
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-9108
Publication date:
12/10/2020
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-9091
Publication date:
12/10/2020
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2020-9087
Publication date:
12/10/2020
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020
Subscribe to Vulnerabilities