Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-12382

Publication date:
28/05/2019
An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2019-12381

Publication date:
28/05/2019
An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2019-12379

Publication date:
28/05/2019
An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2019-12383

Publication date:
28/05/2019
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2019-12380

Publication date:
28/05/2019
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12372

Publication date:
28/05/2019
Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2019

CVE-2019-12362

Publication date:
27/05/2019
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2019

CVE-2019-12360

Publication date:
27/05/2019
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12361

Publication date:
27/05/2019
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12345

Publication date:
27/05/2019
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2019

CVE-2019-7070

Publication date:
24/05/2019
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2019

CVE-2019-7071

Publication date:
24/05/2019
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2019