Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-10709

Publication date:
04/09/2019
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2019

CVE-2019-15902

Publication date:
04/09/2019
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2019

CVE-2019-15903

Publication date:
04/09/2019
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2019-15898

Publication date:
03/09/2019
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2019

CVE-2019-15892

Publication date:
03/09/2019
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5479

Publication date:
03/09/2019
An unintended require vulnerability in
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2019-5475

Publication date:
03/09/2019
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-5480

Publication date:
03/09/2019
A path traversal vulnerability in
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-5478

Publication date:
03/09/2019
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2024

CVE-2019-6182

Publication date:
03/09/2019
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-6181

Publication date:
03/09/2019
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-6180

Publication date:
03/09/2019
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022