Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-15011

Publication date:
17/12/2019
The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2019

CVE-2017-18107

Publication date:
17/12/2019
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2019

CVE-2019-19826

Publication date:
16/12/2019
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Severity CVSS v4.0: Pending analysis
Last modification:
27/12/2019

CVE-2019-12413

Publication date:
16/12/2019
In Apache Incubator Superset before 0.31, a user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2023

CVE-2019-12414

Publication date:
16/12/2019
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2023

CVE-2018-11751

Publication date:
16/12/2019
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2020

CVE-2019-5259

Publication date:
16/12/2019
There is an information leakage vulnerability on some Huawei products (AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200; AR2200-S; AR3200; AR3600). An attacker with low permissions can view some high-privilege information by running specific commands. Successful exploit could cause an information disclosure condition.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-16778

Publication date:
16/12/2019
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2021

CVE-2019-13181

Publication date:
16/12/2019
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-18191

Publication date:
16/12/2019
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-13182

Publication date:
16/12/2019
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2019

CVE-2019-19818

Publication date:
16/12/2019
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2019