Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-13201

Publication date:
13/03/2020
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2020

CVE-2019-13198

Publication date:
13/03/2020
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2020

CVE-2019-13195

Publication date:
13/03/2020
The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2020

CVE-2019-13194

Publication date:
13/03/2020
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2023

CVE-2019-19611

Publication date:
13/03/2020
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1.
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2021

CVE-2019-14309

Publication date:
13/03/2020
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2020

CVE-2019-13199

Publication date:
13/03/2020
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2020

CVE-2019-13200

Publication date:
13/03/2020
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2020

CVE-2019-14303

Publication date:
13/03/2020
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that led to a denial of service vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-14310

Publication date:
13/03/2020
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way the embedded device parsed the IPP packets.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-14299

Publication date:
13/03/2020
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-13193

Publication date:
13/03/2020
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2023