Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-20094
Publication date:
30/12/2019
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2020

CVE-2019-20092
Publication date:
30/12/2019
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2019-20091
Publication date:
30/12/2019
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2019-20090
Publication date:
30/12/2019
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2019-20093
Publication date:
30/12/2019
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-20089
Publication date:
30/12/2019
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2019-20088
Publication date:
30/12/2019
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2019-20087
Publication date:
30/12/2019
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2020

CVE-2019-20086
Publication date:
30/12/2019
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2020

CVE-2019-20085
Publication date:
30/12/2019
TVT NVMS-1000 devices allow GET /.. Directory Traversal
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2019-20079
Publication date:
30/12/2019
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2020

CVE-2019-20073
Publication date:
30/12/2019
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020
Subscribe to Vulnerabilities