Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2009-5047
Publication date:
15/11/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2014-0021
Publication date:
15/11/2019
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2013-7089
Publication date:
15/11/2019
ClamAV before 0.97.7: dbg_printhex possible information leak
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2013-7087
Publication date:
15/11/2019
ClamAV before 0.97.7 has WWPack corrupt heap memory
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2013-7088
Publication date:
15/11/2019
ClamAV before 0.97.7 has buffer overflow in the libclamav component
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2020

CVE-2013-4584
Publication date:
15/11/2019
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2014-0023
Publication date:
15/11/2019
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2019

CVE-2019-14345
Publication date:
15/11/2019
TemaTres 3.0 allows remote unprivileged users to create an administrator account
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-14343
Publication date:
15/11/2019
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-14869
Publication date:
15/11/2019
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-18987
Publication date:
15/11/2019
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2019

CVE-2019-18986
Publication date:
15/11/2019
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2019
Subscribe to Vulnerabilities