Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-18419

Publication date:
02/08/2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2019

CVE-2017-18418

Publication date:
02/08/2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2019

CVE-2017-18417

Publication date:
02/08/2019
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2019

CVE-2019-14531

Publication date:
02/08/2019
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2019-14235

Publication date:
02/08/2019
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5493

Publication date:
02/08/2019
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-5501

Publication date:
02/08/2019
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-14532

Publication date:
02/08/2019
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-14232

Publication date:
02/08/2019
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2019-14233

Publication date:
02/08/2019
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-10176

Publication date:
02/08/2019
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2019-14528

Publication date:
02/08/2019
GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020