Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-1010142

Publication date: 19/07/2019
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. Both work.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-1010113

Publication date: 19/07/2019
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.
Severity CVSS v4.0: Pending analysis
Last modification: 25/07/2019

CVE-2019-12193

Publication date: 19/07/2019
H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 29/07/2019

CVE-2019-1010100

Publication date: 19/07/2019
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-1010101

Publication date: 19/07/2019
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-1010136

Publication date: 19/07/2019
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Routers are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticated users. The attack vector is: Remote.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2015-7882

Publication date: 19/07/2019
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2019-13982

Publication date: 19/07/2019
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2019-1010247

Publication date: 19/07/2019
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2023

CVE-2019-13984

Publication date: 19/07/2019
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.
Severity CVSS v4.0: Pending analysis
Last modification: 22/07/2019

CVE-2019-13979

Publication date: 19/07/2019
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 22/07/2019

CVE-2019-13980

Publication date: 19/07/2019
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
Severity CVSS v4.0: Pending analysis
Last modification: 22/07/2019