Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-20014
Publication date:
27/12/2019
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2020

CVE-2019-20009
Publication date:
27/12/2019
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-20012
Publication date:
27/12/2019
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-20013
Publication date:
27/12/2019
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-20015
Publication date:
27/12/2019
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-20008
Publication date:
26/12/2019
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2013-3085
Publication date:
26/12/2019
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2020

CVE-2013-3088
Publication date:
26/12/2019
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2020

CVE-2019-20005
Publication date:
26/12/2019
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2020

CVE-2019-20006
Publication date:
26/12/2019
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2019-20007
Publication date:
26/12/2019
An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2020

CVE-2012-4420
Publication date:
26/12/2019
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024
Subscribe to Vulnerabilities