Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-10978

Publication date:

23/09/2019

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

Severity CVSS v4.0: Pending analysis

Last modification:

01/03/2023

CVE-2019-10984

Publication date:

23/09/2019

Severity CVSS v4.0: Pending analysis

Last modification:

13/02/2023

CVE-2019-10990

Publication date:

23/09/2019

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

Severity CVSS v4.0: Pending analysis

Last modification:

01/03/2023

CVE-2019-10996

Publication date:

23/09/2019

Severity CVSS v4.0: Pending analysis

Last modification:

01/03/2023

CVE-2019-10090

Publication date:

23/09/2019

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim&#39;s browser and get some sensitive information about the victim.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2019-12407

Publication date:

23/09/2019

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim&#39;s browser and get some sensitive information about the victim.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2018-21019

Publication date:

23/09/2019

Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application&#39;s error log via components/api.py.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2019-13063

Publication date:

23/09/2019

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2019-10087

Publication date:

23/09/2019

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim&#39;s browser and get some sensitive information about the victim.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2019-10089

Publication date:

23/09/2019

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim&#39;s browser and get some sensitive information about the victim.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2019-12404

Publication date:

23/09/2019

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim&#39;s browser and get some sensitive information about the victim.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

CVE-2019-16518

Publication date:

23/09/2019

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim&#39;s mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2019

Subscribe to Vulnerabilities