Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-18378

Publication date:
11/12/2019
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2019-18379

Publication date:
11/12/2019
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2014-0163

Publication date:
11/12/2019
OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2019

CVE-2019-10772

Publication date:
11/12/2019
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2019

CVE-2019-14899

Publication date:
11/12/2019
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, macOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2023

CVE-2019-4715

Publication date:
11/12/2019
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-15009

Publication date:
11/12/2019
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-15008

Publication date:
11/12/2019
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2019

CVE-2019-15007

Publication date:
11/12/2019
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2019

CVE-2019-4665

Publication date:
11/12/2019
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2019

CVE-2014-0091

Publication date:
11/12/2019
Foreman has improper input validation which could lead to partial Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2013-7371

Publication date:
11/12/2019
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370).
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2019