Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-12396
Publication date:
28/02/2019
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12398
Publication date:
28/02/2019
By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12391
Publication date:
28/02/2019
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-12393
Publication date:
28/02/2019
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-12389
Publication date:
28/02/2019
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2018-12390
Publication date:
28/02/2019
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2018-12397
Publication date:
28/02/2019
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2018-12392
Publication date:
28/02/2019
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2019-2000
Publication date:
28/02/2019
In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-2001
Publication date:
28/02/2019
The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-1986
Publication date:
28/02/2019
In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2019

CVE-2019-1987
Publication date:
28/02/2019
In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2019
Subscribe to Vulnerabilities