Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily updates on the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-6284

Publication date: 14/01/2019
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Severity CVSS v4.0: Pending analysis
Last modification: 28/02/2023

CVE-2019-6285

Publication date: 14/01/2019
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Severity CVSS v4.0: Pending analysis
Last modification: 03/11/2025

CVE-2019-6278

Publication date: 14/01/2019
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
Severity CVSS v4.0: Pending analysis
Last modification: 18/01/2019

CVE-2018-16886

Publication date: 14/01/2019
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-6259

Publication date: 14/01/2019
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 16/01/2019

CVE-2018-1967

Publication date: 14/01/2019
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-1969

Publication date: 14/01/2019
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-1956

Publication date: 14/01/2019
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-6251

Publication date: 14/01/2019
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-6256

Publication date: 14/01/2019
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-6257

Publication date: 14/01/2019
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
Severity CVSS v4.0: Pending analysis
Last modification: 09/09/2021

CVE-2019-6250

Publication date: 13/01/2019
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
Severity CVSS v4.0: Pending analysis
Last modification: 03/04/2019