Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2010-4657
Publication date:
13/11/2019
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-2210
Publication date:
13/11/2019
In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-18844
Publication date:
13/11/2019
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2020

CVE-2019-18884
Publication date:
13/11/2019
index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2019

CVE-2019-18883
Publication date:
13/11/2019
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-9466
Publication date:
13/11/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9503. Reason: This candidate is a duplicate of CVE-2019-9503. Notes: All CVE users should reference CVE-2019-9503 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-9467
Publication date:
13/11/2019
In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2010-4654
Publication date:
13/11/2019
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-18793
Publication date:
13/11/2019
Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-18837
Publication date:
13/11/2019
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2013-3516
Publication date:
13/11/2019
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2019

CVE-2010-4653
Publication date:
13/11/2019
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024
Subscribe to Vulnerabilities