Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-9189
Publication date:
05/06/2019
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2019

CVE-2019-11988
Publication date:
05/06/2019
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-5394
Publication date:
05/06/2019
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11226
Publication date:
05/06/2019
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2019

CVE-2019-11987
Publication date:
05/06/2019
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11982
Publication date:
05/06/2019
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2019

CVE-2019-11983
Publication date:
05/06/2019
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2019

CVE-2019-12553
Publication date:
05/06/2019
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12554
Publication date:
05/06/2019
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12555
Publication date:
05/06/2019
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-9548
Publication date:
05/06/2019
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1842
Publication date:
05/06/2019
A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020
Subscribe to Vulnerabilities