Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-7111

Publication date:

23/05/2019

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Severity CVSS v4.0: Pending analysis

Last modification:

21/08/2019

CVE-2019-7114

Publication date:

23/05/2019

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Severity CVSS v4.0: Pending analysis

Last modification:

21/08/2019

CVE-2019-7115

Publication date:

23/05/2019

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Severity CVSS v4.0: Pending analysis

Last modification:

21/08/2019

CVE-2019-7116

Publication date:

23/05/2019

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Severity CVSS v4.0: Pending analysis

Last modification:

21/08/2019

CVE-2019-7118

Publication date:

23/05/2019

Severity CVSS v4.0: Pending analysis

Last modification:

21/08/2019

CVE-2019-7119

Publication date:

23/05/2019

Severity CVSS v4.0: Pending analysis

Last modification:

21/08/2019

CVE-2019-12289

Publication date:

23/05/2019

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-7117

Publication date:

23/05/2019

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-7061

Publication date:

23/05/2019

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Severity CVSS v4.0: Pending analysis

Last modification:

12/10/2022

CVE-2017-11557

Publication date:

23/05/2019

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company&#39;s network environment via a userconfiguration.do?method=editUser request.

Severity CVSS v4.0: Pending analysis

Last modification:

24/05/2019

CVE-2017-11560

Publication date:

23/05/2019

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.

Severity CVSS v4.0: Pending analysis

Last modification:

24/05/2019

CVE-2017-11559

Publication date:

23/05/2019

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The &#39;apiKey&#39; parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.

Severity CVSS v4.0: Pending analysis

Last modification:

24/05/2019

Subscribe to Vulnerabilities