Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-2106

Publication date:
03/12/2019
webauth before 4.6.1 has authentication credential disclosure
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2019

CVE-2013-2228

Publication date:
03/12/2019
SaltStack RSA Key Generation allows remote users to decrypt communications
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2013-2103

Publication date:
03/12/2019
OpenShift cartridge allows remote URL retrieval
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2013-2101

Publication date:
03/12/2019
Katello has multiple XSS issues in various entities
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2019-3666

Publication date:
03/12/2019
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-3665

Publication date:
03/12/2019
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19516

Publication date:
02/12/2019
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2019-15689

Publication date:
02/12/2019
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2019

CVE-2019-19316

Publication date:
02/12/2019
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2012-5562

Publication date:
02/12/2019
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2013-4410

Publication date:
02/12/2019
ReviewBoard: has an access-control problem in REST API
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2014-9356

Publication date:
02/12/2019
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2019