Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily updates on the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-6279

Publication date: 21/03/2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-6116

Publication date: 21/03/2019
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-5722

Publication date: 21/03/2019
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
Severity CVSS v4.0: Pending analysis
Last modification: 22/03/2019

CVE-2019-5417

Publication date: 21/03/2019
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2019

CVE-2019-5729

Publication date: 21/03/2019
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2019

CVE-2019-5011

Publication date: 21/03/2019
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
Severity CVSS v4.0: Pending analysis
Last modification: 13/06/2022

CVE-2019-4094

Publication date: 21/03/2019
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
Severity CVSS v4.0: Pending analysis
Last modification: 30/01/2023

CVE-2019-5413

Publication date: 21/03/2019
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-5414

Publication date: 21/03/2019
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2019-5416

Publication date: 21/03/2019
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2019-5415

Publication date: 21/03/2019
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
Severity CVSS v4.0: Pending analysis
Last modification: 19/10/2020

CVE-2019-5723

Publication date: 21/03/2019
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021