Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-3717

Publication date: 05/08/2019
Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 10/02/2023

CVE-2019-3800

Publication date: 05/08/2019
CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2019-11270

Publication date: 05/08/2019
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
Severity CVSS v4.0: Pending analysis
Last modification: 02/10/2020

CVE-2019-14348

Publication date: 05/08/2019
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 09/08/2019

CVE-2019-4473

Publication date: 05/08/2019
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-4284

Publication date: 05/08/2019
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
Severity CVSS v4.0: Pending analysis
Last modification: 09/12/2022

CVE-2019-4261

Publication date: 05/08/2019
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
Severity CVSS v4.0: Pending analysis
Last modification: 01/01/2022

CVE-2017-18477

Publication date: 05/08/2019
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2019

CVE-2017-18478

Publication date: 05/08/2019
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2019

CVE-2017-18480

Publication date: 05/08/2019
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2019

CVE-2017-18479

Publication date: 05/08/2019
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2019

CVE-2017-18482

Publication date: 05/08/2019
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
Severity CVSS v4.0: Pending analysis
Last modification: 12/08/2019