Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-10968
Publication date:
24/07/2019
Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2020

CVE-2019-1010191
Publication date:
24/07/2019
marginalia
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2019

CVE-2019-1010179
Publication date:
24/07/2019
PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1010189
Publication date:
24/07/2019
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-1010178
Publication date:
24/07/2019
Fred MODX Revolution
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2020

CVE-2019-1010193
Publication date:
24/07/2019
hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2019

CVE-2019-1010190
Publication date:
24/07/2019
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2020

CVE-2019-1010180
Publication date:
24/07/2019
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-1010177
Publication date:
24/07/2019
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2019

CVE-2019-1010163
Publication date:
24/07/2019
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-14249
Publication date:
24/07/2019
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2019

CVE-2019-14248
Publication date:
24/07/2019
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2019
Subscribe to Vulnerabilities