Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-16205

Publication date:
08/11/2019
A vulnerability in Brocade SANnav versions before v2.0 could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-16208

Publication date:
08/11/2019
The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-16207

Publication date:
08/11/2019
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2019

CVE-2019-16209

Publication date:
08/11/2019
A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2019

CVE-2019-16206

Publication date:
08/11/2019
The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
01/01/2022

CVE-2019-16210

Publication date:
08/11/2019
Brocade SANnav versions before v2.0 log the plaintext database connection password while triggering a support save.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-13557

Publication date:
08/11/2019
In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2019

CVE-2013-1889

Publication date:
08/11/2019
mod_ruid2 before 0.9.8 improperly handles file descriptors, which allows remote attackers to bypass security using a CGI script to break out of the chroot.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-1820

Publication date:
08/11/2019
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-14860

Publication date:
08/11/2019
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2020

CVE-2019-10222

Publication date:
08/11/2019
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2023

CVE-2019-14824

Publication date:
08/11/2019
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2023