Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-3566
Publication date:
10/05/2019
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2021

CVE-2019-5676
Publication date:
10/05/2019
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2022

CVE-2019-5677
Publication date:
10/05/2019
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-5675
Publication date:
10/05/2019
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-11000
Publication date:
10/05/2019
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2023

CVE-2019-11066
Publication date:
10/05/2019
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2019

CVE-2019-5495
Publication date:
10/05/2019
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2019

CVE-2019-11059
Publication date:
10/05/2019
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-8812
Publication date:
10/05/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15610. Reason: This candidate is a reservation duplicate of CVE-2018-15610. Notes: All CVE users should reference CVE-2018-15610 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5496
Publication date:
10/05/2019
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-5018
Publication date:
10/05/2019
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
13/06/2022

CVE-2019-5494
Publication date:
10/05/2019
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities