Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting different criteria, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-9827

Publication date:
03/07/2019
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2019

CVE-2019-13074

Publication date:
03/07/2019
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-10102

Publication date:
03/07/2019
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2023

CVE-2019-10103

Publication date:
03/07/2019
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2023

CVE-2019-10101

Publication date:
03/07/2019
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2023

CVE-2019-12842

Publication date:
03/07/2019
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
05/07/2019

CVE-2019-12841

Publication date:
03/07/2019
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2019

CVE-2019-12852

Publication date:
03/07/2019
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2019

CVE-2019-12843

Publication date:
03/07/2019
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12844

Publication date:
03/07/2019
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12845

Publication date:
03/07/2019
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-12846

Publication date:
03/07/2019
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020