Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-11862

Publication date:

21/08/2020

The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-14201

Publication date:

21/08/2020

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2019-11848

Publication date:

21/08/2020

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2019-11849

Publication date:

21/08/2020

A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2019-11850

Publication date:

21/08/2020

A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2019-11852

Publication date:

21/08/2020

An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2019-11853

Publication date:

21/08/2020

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2019-11855

Publication date:

21/08/2020

An RPC server is enabled by default on the gateway&#39;s LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022

CVE-2019-11856

Publication date:

21/08/2020

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2022