Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-0720
Publication date:
14/08/2019
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.<br /> An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.<br /> The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2019-0716
Publication date:
14/08/2019
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.<br /> To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.<br /> The update addresses the vulnerability by correcting how Windows handles objects in memory.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2019-15052
Publication date:
14/08/2019
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.
Severity CVSS v4.0: Pending analysis
Last modification:
02/03/2023

CVE-2019-12262
Publication date:
14/08/2019
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2022

CVE-2019-9583
Publication date:
14/08/2019
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2020

CVE-2018-19386
Publication date:
14/08/2019
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the &amp;#39;Try Again&amp;#39; Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2019

CVE-2019-9582
Publication date:
14/08/2019
eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-3635
Publication date:
14/08/2019
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-10199
Publication date:
14/08/2019
It was found that Keycloak&amp;#39;s account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2021

CVE-2019-15053
Publication date:
14/08/2019
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2019

CVE-2019-3637
Publication date:
14/08/2019
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-10201
Publication date:
14/08/2019
It was found that Keycloak&amp;#39;s SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2020
Subscribe to Vulnerabilities