Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-0256
Publication date:
15/02/2019
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-8347
Publication date:
15/02/2019
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
Severity CVSS v4.0: Pending analysis
Last modification:
15/02/2019

CVE-2019-6974
Publication date:
15/02/2019
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-8345
Publication date:
15/02/2019
The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-8343
Publication date:
15/02/2019
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2019-8341
Publication date:
15/02/2019
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2019-6589
Publication date:
14/02/2019
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2019

CVE-2018-6268
Publication date:
13/02/2019
NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2019

CVE-2018-6267
Publication date:
13/02/2019
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-6271
Publication date:
13/02/2019
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-19008
Publication date:
13/02/2019
The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-8337
Publication date:
13/02/2019
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2019
Subscribe to Vulnerabilities