Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-10957
Publication date:
17/01/2020
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2019-15855
Publication date:
17/01/2020
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2020

CVE-2019-15854
Publication date:
17/01/2020
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-20003
Publication date:
17/01/2020
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2020

CVE-2019-3686
Publication date:
17/01/2020
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2020

CVE-2019-3683
Publication date:
17/01/2020
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2020

CVE-2019-3682
Publication date:
17/01/2020
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2020

CVE-2019-19801
Publication date:
17/01/2020
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-17361
Publication date:
17/01/2020
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2023

CVE-2019-19142
Publication date:
17/01/2020
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2019-19802
Publication date:
17/01/2020
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-15742
Publication date:
17/01/2020
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities