Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-8079
Publication date:
24/10/2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2019

CVE-2019-18417
Publication date:
24/10/2019
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2019

CVE-2019-18416
Publication date:
24/10/2019
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2019

CVE-2019-18415
Publication date:
24/10/2019
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2019

CVE-2019-18414
Publication date:
24/10/2019
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2019

CVE-2019-12095
Publication date:
24/10/2019
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12094
Publication date:
24/10/2019
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2019

CVE-2019-9699
Publication date:
24/10/2019
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-5012
Publication date:
24/10/2019
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022

CVE-2019-5013
Publication date:
24/10/2019
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022

CVE-2019-18196
Publication date:
24/10/2019
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2019

CVE-2019-11021
Publication date:
24/10/2019
admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024
Subscribe to Vulnerabilities