Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-12410

Publication date:
08/11/2019
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-3425

Publication date:
08/11/2019
The 9000EV5.0R1B12 version and all earlier versions of the ZTE product ZXUPN-9000E are impacted by a permission and access control vulnerability. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-3426

Publication date:
08/11/2019
The 9000EV5.0R1B12 version and all earlier versions of the ZTE product ZXUPN-9000E are impacted by an input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-18623

Publication date:
08/11/2019
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2019

CVE-2019-17661

Publication date:
08/11/2019
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2019-17327

Publication date:
08/11/2019
JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via the uploaded file.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2019

CVE-2019-16210

Publication date:
08/11/2019
Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-16206

Publication date:
08/11/2019
The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
01/01/2022

CVE-2019-16207

Publication date:
08/11/2019
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2019

CVE-2019-16209

Publication date:
08/11/2019
A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2019

CVE-2019-16205

Publication date:
08/11/2019
A vulnerability in Brocade SANnav versions before v2.0 could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019

CVE-2019-16208

Publication date:
08/11/2019
The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2019