Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-0841
Publication date:
09/12/2019
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2019

CVE-2019-18190
Publication date:
09/12/2019
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2019

CVE-2019-19603
Publication date:
09/12/2019
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19646
Publication date:
09/12/2019
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2022

CVE-2015-1853
Publication date:
09/12/2019
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2019-18380
Publication date:
09/12/2019
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2019

CVE-2019-19687
Publication date:
09/12/2019
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2019

CVE-2018-17185
Publication date:
09/12/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12424
Publication date:
09/12/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19683
Publication date:
09/12/2019
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2019

CVE-2019-19685
Publication date:
09/12/2019
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2019

CVE-2019-19682
Publication date:
09/12/2019
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor.
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2019
Subscribe to Vulnerabilities