Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2013-2600

Publication date:
01/11/2019
MiniUPnPd has information disclosure use of snprintf()
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2019

CVE-2013-2738

Publication date:
01/11/2019
minidlna has SQL Injection that may allow retrieval of arbitrary files
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2019

CVE-2019-16909

Publication date:
01/11/2019
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-18230

Publication date:
31/10/2019
Honeywell equIP and Performance series IP cameras, multiple versions. A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2019

CVE-2019-18229

Publication date:
31/10/2019
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2021

CVE-2019-16675

Publication date:
31/10/2019
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-16906

Publication date:
31/10/2019
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-16907

Publication date:
31/10/2019
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-18228

Publication date:
31/10/2019
Honeywell equIP series IP cameras, multiple equIP Series cameras. A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2019-18226

Publication date:
31/10/2019
Honeywell equIP series and Performance series IP cameras and recorders. A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability, as a weak authentication method is retained for compatibility with legacy products.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2019-18227

Publication date:
31/10/2019
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2021

CVE-2019-16295

Publication date:
31/10/2019
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2023