Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-4204
Publication date:
10/05/2019
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2019

CVE-2019-11878
Publication date:
10/05/2019
An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2019

CVE-2018-1790
Publication date:
10/05/2019
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-12885
Publication date:
10/05/2019
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2019

CVE-2017-12795
Publication date:
10/05/2019
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2019

CVE-2017-12789
Publication date:
10/05/2019
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2019

CVE-2015-1006
Publication date:
10/05/2019
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-1867
Publication date:
10/05/2019
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-11871
Publication date:
10/05/2019
The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2019

CVE-2019-11870
Publication date:
09/05/2019
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2019

CVE-2019-11869
Publication date:
09/05/2019
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2019

CVE-2018-20837
Publication date:
09/05/2019
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2019
Subscribe to Vulnerabilities