Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-7623
Publication date:
02/04/2020
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19094
Publication date:
02/04/2020
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19095
Publication date:
02/04/2020
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19096
Publication date:
02/04/2020
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19097
Publication date:
02/04/2020
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19348
Publication date:
02/04/2020
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19346
Publication date:
02/04/2020
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19002
Publication date:
02/04/2020
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19003
Publication date:
02/04/2020
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19089
Publication date:
02/04/2020
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19090
Publication date:
02/04/2020
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2019-19091
Publication date:
02/04/2020
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023
Subscribe to Vulnerabilities