Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-19469
Publication date:
01/12/2019
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-19269
Publication date:
30/11/2019
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19468
Publication date:
30/11/2019
Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2019

CVE-2019-19463
Publication date:
30/11/2019
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2013-7484
Publication date:
30/11/2019
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2023

CVE-2019-19464
Publication date:
30/11/2019
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2019

CVE-2019-19462
Publication date:
30/11/2019
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19451
Publication date:
29/11/2019
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-19396
Publication date:
29/11/2019
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2019

CVE-2014-3591
Publication date:
29/11/2019
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2019

CVE-2015-0837
Publication date:
29/11/2019
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2019

CVE-2019-5247
Publication date:
29/11/2019
Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2019
Subscribe to Vulnerabilities