Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-16263

Publication date: 22/01/2020
The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2011-4943

Publication date: 22/01/2020
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)
Severity CVSS v4.0: Pending analysis
Last modification: 21/11/2024

CVE-2019-12490

Publication date: 22/01/2020
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-16791

Publication date: 22/01/2020
In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy.
Severity CVSS v4.0: Pending analysis
Last modification: 23/10/2020

CVE-2018-17981

Publication date: 22/01/2020
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 24/01/2020

CVE-2019-19414

Publication date: 21/01/2020
There is an integer overflow vulnerability in the LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploitation could cause the affected system to crash.
Severity CVSS v4.0: Pending analysis
Last modification: 28/01/2020

CVE-2019-19413

Publication date: 21/01/2020
There is an integer overflow vulnerability in the LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploitation could cause the affected system to crash.
Severity CVSS v4.0: Pending analysis
Last modification: 28/01/2020

CVE-2020-1788

Publication date: 21/01/2020
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application that calls their interface. An attacker could trick the user into installing a malicious application. Successful exploitation could allow unauthorized actions leading to information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification: 24/01/2020

CVE-2019-20388

Publication date: 21/01/2020
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
Severity CVSS v4.0: Pending analysis
Last modification: 09/11/2023

CVE-2019-20387

Publication date: 21/01/2020
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2020-7595

Publication date: 21/01/2020
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-7594

Publication date: 21/01/2020
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function.
Severity CVSS v4.0: Pending analysis
Last modification: 29/01/2020