Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-8029
Publication date:
30/05/2019
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-11091
Publication date:
30/05/2019
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-8457
Publication date:
30/05/2019
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12126
Publication date:
30/05/2019
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12127
Publication date:
30/05/2019
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12130
Publication date:
30/05/2019
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-15131
Publication date:
30/05/2019
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2019

CVE-2019-12459
Publication date:
30/05/2019
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2019-12458
Publication date:
30/05/2019
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2019-12460
Publication date:
30/05/2019
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2020

CVE-2019-12461
Publication date:
30/05/2019
Web Port 1.19.1 allows XSS via the /log type parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2020

CVE-2019-12457
Publication date:
30/05/2019
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021
Subscribe to Vulnerabilities