Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-4132
Publication date:
29/08/2019
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2022

CVE-2019-4133
Publication date:
29/08/2019
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2022

CVE-2019-7307
Publication date:
29/08/2019
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2023

CVE-2019-11476
Publication date:
29/08/2019
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2023

CVE-2019-11500
Publication date:
29/08/2019
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15785
Publication date:
29/08/2019
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2020

CVE-2019-15745
Publication date:
29/08/2019
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2019

CVE-2019-15778
Publication date:
29/08/2019
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2019

CVE-2019-15786
Publication date:
29/08/2019
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2019

CVE-2019-15779
Publication date:
29/08/2019
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2019

CVE-2019-15788
Publication date:
29/08/2019
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2019

CVE-2019-15771
Publication date:
29/08/2019
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2019
Subscribe to Vulnerabilities