Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-3921
Publication date:
05/03/2019
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2019-3922
Publication date:
05/03/2019
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2019-6518
Publication date:
05/03/2019
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2019-6520
Publication date:
05/03/2019
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2019-6524
Publication date:
05/03/2019
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2019-6528
Publication date:
05/03/2019
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway VM Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Smart Telecontrol Unit TCG Versions 5.0.27, 5.1.19, 6.0.16 and prior, and IEC104 Security Proxy Version 2.2.10 and prior The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2019-6563
Publication date:
05/03/2019
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
Severity CVSS v4.0: Pending analysis
Last modification:
05/10/2020

CVE-2019-6557
Publication date:
05/03/2019
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022

CVE-2019-6559
Publication date:
05/03/2019
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022

CVE-2019-6561
Publication date:
05/03/2019
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022

CVE-2019-6565
Publication date:
05/03/2019
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022

CVE-2019-6522
Publication date:
05/03/2019
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022
Subscribe to Vulnerabilities