Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-18364

Publication date: 27/03/2019
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 11/07/2019

CVE-2019-6536

Publication date: 27/03/2019
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification: 02/04/2019

CVE-2018-5923

Publication date: 27/03/2019
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2019

CVE-2018-5927

Publication date: 27/03/2019
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-5926

Publication date: 27/03/2019
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification: 10/02/2020

CVE-2019-9860

Publication date: 27/03/2019
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2019-9862

Publication date: 27/03/2019
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-9863

Publication date: 27/03/2019
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2019-5927

Publication date: 27/03/2019
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2019

CVE-2019-5926

Publication date: 27/03/2019
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 02/08/2019

CVE-2019-5419

Publication date: 27/03/2019
There is a possible denial of service vulnerability in Action View (Rails)
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-5420

Publication date: 27/03/2019
A remote code execution vulnerability in development mode Rails
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023