Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-13390
Publication date:
07/07/2019
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2020

CVE-2019-13391
Publication date:
07/07/2019
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2020

CVE-2019-13379
Publication date:
07/07/2019
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-13183
Publication date:
07/07/2019
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2019

CVE-2019-13372
Publication date:
06/07/2019
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-13373
Publication date:
06/07/2019
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-13375
Publication date:
06/07/2019
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-13374
Publication date:
06/07/2019
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-13370
Publication date:
06/07/2019
index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator.
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2024

CVE-2019-13362
Publication date:
06/07/2019
Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-1932
Publication date:
06/07/2019
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-1933
Publication date:
06/07/2019
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019
Subscribe to Vulnerabilities