Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we provide a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

This list will occasionally show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily updates on the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-16868

Publication date:
25/09/2019
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
26/09/2019

CVE-2019-16867

Publication date:
25/09/2019
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-13528

Publication date:
24/09/2019
A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2019-16759

Publication date:
24/09/2019
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2019-5094

Publication date:
24/09/2019
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2019-13527

Publication date:
24/09/2019
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2024

CVE-2019-16725

Publication date:
24/09/2019
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2019

CVE-2019-16724

Publication date:
24/09/2019
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
Severity CVSS v4.0: Pending analysis
Last modification:
26/09/2019

CVE-2019-14220

Publication date:
24/09/2019
An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or macOS. The bug is a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and, if given a file name as a parameter, returns the content of the file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2021

CVE-2019-5504

Publication date:
24/09/2019
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-5505

Publication date:
24/09/2019
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-16411

Publication date:
24/09/2019
An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2019