Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily updates on the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-19842

Publication date:
22/01/2020
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2020

CVE-2019-19841

Publication date:
22/01/2020
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2020

CVE-2011-3622

Publication date:
22/01/2020
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2020-5221

Publication date:
22/01/2020
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2020

CVE-2019-19836

Publication date:
22/01/2020
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2020

CVE-2019-19834

Publication date:
22/01/2020
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2020

CVE-2019-19843

Publication date:
22/01/2020
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-16792

Publication date:
22/01/2020
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header-fold a double Content-Length header and, due to being unable to cast the now comma-separated value to an integer, would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2022

CVE-2012-4919

Publication date:
22/01/2020
Gallery Plugin 1.4 for WordPress has a Remote File Include vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2016-4761

Publication date:
22/01/2020
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2020

CVE-2019-5647

Publication date:
22/01/2020
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2020

CVE-2011-3612

Publication date:
22/01/2020
A Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024