Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-11930
Publication date:
04/12/2019
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2024

CVE-2019-11935
Publication date:
04/12/2019
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2019

CVE-2019-11934
Publication date:
04/12/2019
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2019-17556
Publication date:
04/12/2019
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2019-11940
Publication date:
04/12/2019
In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2019

CVE-2018-0729
Publication date:
04/12/2019
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-0730
Publication date:
04/12/2019
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-0728
Publication date:
04/12/2019
This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2019

CVE-2019-11923
Publication date:
04/12/2019
In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-11937
Publication date:
04/12/2019
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-15638
Publication date:
04/12/2019
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2019

CVE-2019-14909
Publication date:
04/12/2019
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2019
Subscribe to Vulnerabilities