Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-14464
Publication date:
31/07/2019
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-14465
Publication date:
31/07/2019
fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2019-14462
Publication date:
31/07/2019
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-10181
Publication date:
31/07/2019
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2019-10185
Publication date:
31/07/2019
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2015-5297
Publication date:
31/07/2019
An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-7000
Publication date:
31/07/2019
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2023

CVE-2019-10186
Publication date:
31/07/2019
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2023

CVE-2019-10182
Publication date:
31/07/2019
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2019-10187
Publication date:
31/07/2019
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2020

CVE-2019-10189
Publication date:
31/07/2019
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2020

CVE-2019-10198
Publication date:
31/07/2019
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2020
Subscribe to Vulnerabilities