Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-13081
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-12917
Publication date:
06/11/2019
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-12918
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-13076
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-13077
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-13078
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-13079
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2019-13080
Publication date:
06/11/2019
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2019

CVE-2014-8181
Publication date:
06/11/2019
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2021

CVE-2011-4625
Publication date:
06/11/2019
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2016-4401
Publication date:
06/11/2019
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
08/11/2019

CVE-2018-20320
Publication date:
06/11/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11032. Reason: This candidate is a reservation duplicate of CVE-2019-11032. Notes: All CVE users should reference CVE-2019-11032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities