Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-12220
Publication date:
20/05/2019
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12222
Publication date:
20/05/2019
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12211
Publication date:
20/05/2019
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12213
Publication date:
20/05/2019
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-12214
Publication date:
20/05/2019
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2019

CVE-2019-12212
Publication date:
20/05/2019
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12215
Publication date:
20/05/2019
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-12270
Publication date:
20/05/2019
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2022

CVE-2019-12206
Publication date:
20/05/2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2019-12207
Publication date:
20/05/2019
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2019-12208
Publication date:
20/05/2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2019-11809
Publication date:
20/05/2019
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2019
Subscribe to Vulnerabilities