Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we maintain a database, available to any interested user, that is written in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to their information sources, as well as to the patches or solutions made available by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-7918

Publication date:
27/03/2020
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2020

CVE-2020-10607

Publication date:
27/03/2020
In Advantech WebAccess, versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2020

CVE-2020-1769

Publication date:
27/03/2020
In the login screens (in the agent and customer interfaces), the Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2020-1770

Publication date:
27/03/2020
Files generated by the support bundle could contain sensitive information whose disclosure might be unwanted. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2020-1771

Publication date:
27/03/2020
An attacker is able to craft an article with a link to the customer address book containing malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2020-1772

Publication date:
27/03/2020
It is possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated for users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2020-1773

Publication date:
27/03/2020
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2020-10510

Publication date:
27/03/2020
Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10509

Publication date:
27/03/2020
Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch an XSS attack.
Severity CVSS v4.0: Pending analysis
Last modification:
30/03/2020

CVE-2020-10508

Publication date:
27/03/2020
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL to capture confidential information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-3936

Publication date:
27/03/2020
The UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters; attackers can inject arbitrary SQL commands.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2020-3920

Publication date:
27/03/2020
The UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged account-management page through a specific system directory.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2024