Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-19595
Publication date:
05/12/2019
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2019

CVE-2018-1002102
Publication date:
05/12/2019
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-11255
Publication date:
05/12/2019
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15897
Publication date:
05/12/2019
beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-19007
Publication date:
05/12/2019
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19008
Publication date:
05/12/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-19363. Reason: This candidate is a reservation duplicate of CVE-2019-19363. Notes: All CVE users should reference CVE-2019-19363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-0243
Publication date:
05/12/2019
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2019

CVE-2019-14910
Publication date:
05/12/2019
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2020

CVE-2019-18180
Publication date:
05/12/2019
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2019-17437
Publication date:
05/12/2019
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2013-0163
Publication date:
05/12/2019
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2019

CVE-2019-19317
Publication date:
05/12/2019
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022
Subscribe to Vulnerabilities