Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we provide a database, in Spanish, for users interested in this information; it includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, for example vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-10399

Publication date:
12/03/2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2022

CVE-2020-10400

Publication date:
12/03/2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2022

CVE-2020-10401

Publication date:
12/03/2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2022

CVE-2020-10387

Publication date:
12/03/2020
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2022

CVE-2020-10386

Publication date:
12/03/2020
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2022

CVE-2020-10108

Publication date:
12/03/2020
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2024

CVE-2020-10109

Publication date:
12/03/2020
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2024

CVE-2019-5648

Publication date:
12/03/2020
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2020

CVE-2020-7254

Publication date:
12/03/2020
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-7253

Publication date:
12/03/2020
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5177

Publication date:
12/03/2020
An exploitable stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len('/etc/config-tools/edit_dns_server domain-name=') in length. A domainname value of length 0x3fa will cause the service to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2020

CVE-2019-5181

Publication date:
12/03/2020
An exploitable stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len('/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=') in length. A subnetmask value of length 0x3d9 will cause the service to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2020