Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-10563
Publication date:
21/11/2019
Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2018-9195
Publication date:
21/11/2019
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2014-1936
Publication date:
21/11/2019
rc before 1.7.1-5 insecurely creates temporary files.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2014-1935
Publication date:
21/11/2019
9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2014-0084
Publication date:
21/11/2019
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2012-4524
Publication date:
21/11/2019
xlockmore before 5.43 'dclock' security bypass vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2012-3460
Publication date:
21/11/2019
cumin: At installation postgresql database user created without password
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2014-0083
Publication date:
21/11/2019
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2013-7171
Publication date:
21/11/2019
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2019

CVE-2013-7172
Publication date:
21/11/2019
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2019

CVE-2012-3543
Publication date:
21/11/2019
mono 2.10.x ASP.NET Web Form Hash collision DoS
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2012-2350
Publication date:
21/11/2019
pam_shield before 0.9.4: Default configuration does not perform protective action
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024
Subscribe to Vulnerabilities