Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-3586
Publication date:
15/05/2019
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2014-9918
Publication date:
15/05/2019
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2019

CVE-2014-9919
Publication date:
15/05/2019
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2019

CVE-2014-9917
Publication date:
15/05/2019
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2019

CVE-2016-10719
Publication date:
15/05/2019
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2019

CVE-2016-7151
Publication date:
15/05/2019
Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2019

CVE-2019-11833
Publication date:
15/05/2019
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12101
Publication date:
15/05/2019
coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault).
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2019

CVE-2019-11328
Publication date:
14/05/2019
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing//`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-11397
Publication date:
14/05/2019
GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2019-0301
Publication date:
14/05/2019
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12099
Publication date:
14/05/2019
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities