Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-18805

Publication date:

21/04/2020

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

CVE-2017-18803

Publication date:

21/04/2020

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

CVE-2020-8895

Publication date:

21/04/2020

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.

Severity CVSS v4.0: Pending analysis

Last modification:

07/10/2022

CVE-2020-5268

Publication date:

21/04/2020

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified. This could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched in versions 1.0.2 and 2.7.0.

Severity CVSS v4.0: Pending analysis

Last modification:

06/05/2020

CVE-2020-10786

Publication date:

21/04/2020

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-10787

Publication date:

21/04/2020

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-11889

Publication date:

21/04/2020

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-11891

Publication date:

21/04/2020

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-11890

Publication date:

21/04/2020

An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2020

CVE-2020-1757

Publication date:

21/04/2020

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2020

CVE-2020-1699

Publication date:

21/04/2020

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-18806

Publication date:

21/04/2020

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2020

Subscribe to Vulnerabilities