Home / Early Warning / Vulnerabilities
Subscribe to INCIBE-CERT - Vulnerabilities RSS

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (http://nvd.nist.gov/) (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used (http://cve.mitre.org/) with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others. Through RSS feeds (https://www.incibe-cert.es/feed/vulnerabilities) or Newsletters (https://www.incibe-cert.es/en/subscriptions) we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-11542

Severity: 
None
Publication date: 
04/04/2020
Last modified: 
04/04/2020
Description:  
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring.

CVE-2020-11533

Severity: 
None
Publication date: 
04/04/2020
Last modified: 
04/04/2020
Description:  
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).

CVE-2020-11529

Severity: 
None
Publication date: 
04/04/2020
Last modified: 
04/04/2020
Description:  
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.

CVE-2020-11527

Severity: 
None
Publication date: 
04/04/2020
Last modified: 
04/04/2020
Description:  
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.

CVE-2020-11528

Severity: 
None
Publication date: 
04/04/2020
Last modified: 
04/04/2020
Description:  
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.

CVE-2020-11518

Severity: 
None
Publication date: 
04/04/2020
Last modified: 
04/04/2020
Description:  
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

CVE-2020-5347

Severity: 
None
Publication date: 
04/03/2020
Last modified: 
04/03/2020
Description:  
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

CVE-2020-5348

Severity: 
None
Publication date: 
04/03/2020
Last modified: 
04/03/2020
Description:  
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

CVE-2020-8142

Severity: 
None
Publication date: 
04/03/2020
Last modified: 
04/03/2020
Description:  
A security restriction bypass vulnerability has been discovered in Revive Adserver version

CVE-2020-8143

Severity: 
None
Publication date: 
04/03/2020
Last modified: 
04/03/2020
Description:  
An Open Redirect vulnerability was discovered in Revive Adserver version

Pages