Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-0173
Publication date:
19/08/2019
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11143
Publication date:
19/08/2019
Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11148
Publication date:
19/08/2019
Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11162
Publication date:
19/08/2019
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11163
Publication date:
19/08/2019
Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-6178
Publication date:
19/08/2019
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-6165
Publication date:
19/08/2019
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2023

CVE-2019-11276
Publication date:
19/08/2019
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2020

CVE-2019-6171
Publication date:
19/08/2019
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2022

CVE-2019-5631
Publication date:
19/08/2019
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2023

CVE-2019-6159
Publication date:
19/08/2019
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2023

CVE-2019-15160
Publication date:
19/08/2019
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021
Subscribe to Vulnerabilities