Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-19927
Publication date:
31/12/2019
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2020

CVE-2019-7478
Publication date:
31/12/2019
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2020

CVE-2019-20168
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2019-20170
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-20171
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2019-20169
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2019-20160
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2019-20159
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-20161
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-20162
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-20163
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-20165
Publication date:
31/12/2019
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022
Subscribe to Vulnerabilities