Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-19040
Publication date:
17/11/2019
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"' substring.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-19041
Publication date:
17/11/2019
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by the underlying system. It is possible to achieve this by modifying the values in the files.SUM file (which are used for integrity control) and injecting malicious code into the upgrade.sh file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-19022
Publication date:
17/11/2019
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-19035
Publication date:
17/11/2019
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19012
Publication date:
17/11/2019
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19011
Publication date:
17/11/2019
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2024

CVE-2019-19010
Publication date:
16/11/2019
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-16762
Publication date:
15/11/2019
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-16761
Publication date:
15/11/2019
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0.0 have been patched.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-13581
Publication date:
15/11/2019
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2019-6660
Publication date:
15/11/2019
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-6663
Publication date:
15/11/2019
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019
Subscribe to Vulnerabilities