Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-1010299
Publication date:
15/07/2019
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2020

CVE-2019-1010293
Publication date:
15/07/2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1010044
Publication date:
15/07/2019
borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-1010042
Publication date:
15/07/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7662. Reason: This candidate is a reservation duplicate of CVE-2018-7662. Notes: All CVE users should reference CVE-2018-7662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-1010305
Publication date:
15/07/2019
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-1010304
Publication date:
15/07/2019
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated user can access the GraphQL API (which is by default publicly exposed under `/graphql/` URL) and fetch products data which may include admin-restricted shop's revenue data. The fixed version is: 2.3.1.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1010306
Publication date:
15/07/2019
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1010039
Publication date:
15/07/2019
uLaunchELF
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-13604
Publication date:
15/07/2019
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1010038
Publication date:
15/07/2019
OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-1010034
Publication date:
15/07/2019
Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2019

CVE-2014-10374
Publication date:
15/07/2019
On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2019
Subscribe to Vulnerabilities