Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-6805

Publication date:
25/01/2019
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2019

CVE-2019-6803

Publication date:
25/01/2019
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2019

CVE-2017-18359

Publication date:
25/01/2019
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2022

CVE-2019-6804

Publication date:
25/01/2019
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
Severity CVSS v4.0: Pending analysis
Last modification:
01/09/2021

CVE-2019-6802

Publication date:
25/01/2019
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2018-16098

Publication date:
24/01/2019
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2019

CVE-2018-12237

Publication date:
24/01/2019
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2019

CVE-2018-18981

Publication date:
24/01/2019
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-6780

Publication date:
24/01/2019
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2019

CVE-2018-5497

Publication date:
24/01/2019
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Severity CVSS v4.0: Pending analysis
Last modification:
15/02/2019

CVE-2018-18363

Publication date:
24/01/2019
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2019-6779

Publication date:
24/01/2019
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2019