Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by selecting different criteria, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-13975

Publication date:
04/09/2019
eGain Chat 15.0.3 allows HTML Injection.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-6645

Publication date:
04/09/2019
On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15916

Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-13522

Publication date:
04/09/2019
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2019-13518

Publication date:
04/09/2019
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-15814

Publication date:
04/09/2019
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2019

CVE-2019-10988

Publication date:
04/09/2019
In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2020

CVE-2019-13209

Publication date:
04/09/2019
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2022

CVE-2019-15813

Publication date:
04/09/2019
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2019-12588

Publication date:
04/09/2019
The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2019

CVE-2019-12587

Publication date:
04/09/2019
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-15718

Publication date:
04/09/2019
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023