Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-9860

Publication date: 27/03/2019
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2019-9862

Publication date: 27/03/2019
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-9863

Publication date: 27/03/2019
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2019-5927

Publication date: 27/03/2019
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2019

CVE-2019-5926

Publication date: 27/03/2019
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 02/08/2019

CVE-2019-5419

Publication date: 27/03/2019
There is a possible denial of service vulnerability in Action View (Rails)
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-5420

Publication date: 27/03/2019
A remote code execution vulnerability in development mode Rails
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-5418

Publication date: 27/03/2019
There is a File Content Disclosure vulnerability in Action View
Severity CVSS v4.0: Pending analysis
Last modification: 30/10/2025

CVE-2018-16207

Publication date: 27/03/2019
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2019-3877

Publication date: 27/03/2019
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-3840

Publication date: 27/03/2019
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-3814

Publication date: 27/03/2019
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023