Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-4532

Publication date:
02/01/2020
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2020

CVE-2019-14863

Publication date:
02/01/2020
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2020

CVE-2019-20219

Publication date:
02/01/2020
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2020

CVE-2019-20225

Publication date:
02/01/2020
MyBB before 1.8.22 allows an open redirect on login.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2020

CVE-2019-14862

Publication date:
02/01/2020
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022

CVE-2019-14864

Publication date:
02/01/2020
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2022

CVE-2019-10158

Publication date:
02/01/2020
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2023

CVE-2013-3935

Publication date:
02/01/2020
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2019-10775

Publication date:
02/01/2020
ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2020

CVE-2013-3936

Publication date:
02/01/2020
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2020

CVE-2019-14859

Publication date:
02/01/2020
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2021

CVE-2020-5179

Publication date:
02/01/2020
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2020