Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-15918
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2023

CVE-2019-15922
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2019

CVE-2019-15923
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2019

CVE-2019-15924
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2019

CVE-2019-15920
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2019

CVE-2019-15919
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2019

CVE-2019-15921
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-15917
Publication date:
04/09/2019
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2023

CVE-2019-6643
Publication date:
04/09/2019
On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-6646
Publication date:
04/09/2019
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-6644
Publication date:
04/09/2019
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-6647
Publication date:
04/09/2019
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities