Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-1220

Publication date:

11/09/2019

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka &#39;Microsoft Browser Security Feature Bypass Vulnerability&#39;.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-1221

Publication date:

11/09/2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka &#39;Scripting Engine Memory Corruption Vulnerability&#39;.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-0928

Publication date:

11/09/2019

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka &#39;Windows Hyper-V Denial of Service Vulnerability&#39;.

Severity CVSS v4.0: Pending analysis

Last modification:

12/09/2019

CVE-2019-0787

Publication date:

11/09/2019

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka &#39;Remote Desktop Client Remote Code Execution Vulnerability&#39;. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-0788

Publication date:

11/09/2019

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-13536

Publication date:

11/09/2019

Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2021

CVE-2019-10074

Publication date:

11/09/2019

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2019-10073

Publication date:

11/09/2019

The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2019-13544

Publication date:

11/09/2019

Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2019-13540

Publication date:

11/09/2019

Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

16/10/2020

CVE-2019-15302

Publication date:

11/09/2019

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-0189

Publication date:

11/09/2019

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

Subscribe to Vulnerabilities