Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-1587
Publication date:
22/04/2019
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2016-1579
Publication date:
22/04/2019
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2015-1343
Publication date:
22/04/2019
All versions of unity-scope-gdrive logs search terms to syslog.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-11456
Publication date:
22/04/2019
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2019

CVE-2016-1573
Publication date:
22/04/2019
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2020

CVE-2019-3902
Publication date:
22/04/2019
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2020

CVE-2019-6155
Publication date:
22/04/2019
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2016-1585
Publication date:
22/04/2019
In all versions of AppArmor mount rules are accidentally widened when compiled.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2015-1316
Publication date:
22/04/2019
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2015-1320
Publication date:
22/04/2019
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2015-1326
Publication date:
22/04/2019
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2015-1327
Publication date:
22/04/2019
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019
Subscribe to Vulnerabilities