Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-16198
Publication date:
03/10/2019
KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-16328
Publication date:
03/10/2019
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2022

CVE-2019-17110
Publication date:
03/10/2019
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-10223. Reason: This candidate is a duplicate of CVE-2019-10223. Notes: All CVE users should reference CVE-2019-10223 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-16931
Publication date:
03/10/2019
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-15162
Publication date:
03/10/2019
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15163
Publication date:
03/10/2019
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15164
Publication date:
03/10/2019
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15161
Publication date:
03/10/2019
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-16866
Publication date:
03/10/2019
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-15165
Publication date:
03/10/2019
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2025

CVE-2019-15166
Publication date:
03/10/2019
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2025

CVE-2018-14880
Publication date:
03/10/2019
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities