Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-0974
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0888
Publication date:
12/06/2019
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges.<br /> An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website.<br /> The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0904
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0905
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0906
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0907
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0908
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0909
Publication date:
12/06/2019
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.<br /> An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.<br /> The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2019-0920
Publication date:
12/06/2019
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.<br /> In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked &amp;quot;safe for initialization&amp;quot; in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.<br /> The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2017-15123
Publication date:
12/06/2019
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2019

CVE-2019-12149
Publication date:
11/06/2019
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2019

CVE-2019-12795
Publication date:
11/06/2019
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities