Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-15819

Publication date: 30/08/2019
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-15821

Publication date: 30/08/2019
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-15823

Publication date: 30/08/2019
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-15824

Publication date: 30/08/2019
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-15825

Publication date: 30/08/2019
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-5612

Publication date: 30/08/2019
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-6113

Publication date: 30/08/2019
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI.
Severity CVSS v4.0: Pending analysis
Last modification: 04/09/2019

CVE-2019-9697

Publication date: 30/08/2019
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2019-5608

Publication date: 30/08/2019
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-5609

Publication date: 30/08/2019
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-5610

Publication date: 30/08/2019
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-5611

Publication date: 30/08/2019
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023