Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-2199
Publication date:
13/11/2019
In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138650665
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-2208
Publication date:
13/11/2019
In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138441919
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2010-4532
Publication date:
13/11/2019
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-16949
Publication date:
13/11/2019
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2019

CVE-2011-3586
Publication date:
13/11/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3504. Reason: This candidate is a duplicate of CVE-2011-3504. Notes: All CVE users should reference CVE-2011-3504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-4657
Publication date:
13/11/2019
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2019

CVE-2019-5293
Publication date:
13/11/2019
Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-5289
Publication date:
13/11/2019
Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2019

CVE-2019-5294
Publication date:
13/11/2019
There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2019

CVE-2014-8167
Publication date:
13/11/2019
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2019

CVE-2012-4385
Publication date:
13/11/2019
letodms 3.3.6 has CSRF via change password
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-16948
Publication date:
13/11/2019
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2019
Subscribe to Vulnerabilities