Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2011-2808

Publication date:
06/11/2019
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-5084

Publication date:
06/11/2019
An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/06/2022

CVE-2019-5099

Publication date:
06/11/2019
An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/06/2022

CVE-2019-5100

Publication date:
06/11/2019
An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/06/2022

CVE-2019-5125

Publication date:
06/11/2019
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out-of-bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/06/2022

CVE-2018-20853

Publication date:
06/11/2019
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2014-3180

Publication date:
06/11/2019
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2024

CVE-2009-5045

Publication date:
06/11/2019
Dump Servlet information leak in jetty before 6.1.22.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2009-5046

Publication date:
06/11/2019
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-5642

Publication date:
06/11/2019
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2019

CVE-2019-5643

Publication date:
06/11/2019
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2019-5644

Publication date:
06/11/2019
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2021