Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria, such as vulnerability type, manufacturer and impact level, can be selected to narrow down the results.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-6492

Publication date: 21/03/2019
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-6272

Publication date: 21/03/2019
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2019

CVE-2019-6274

Publication date: 21/03/2019
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2019

CVE-2019-6275

Publication date: 21/03/2019
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2019

CVE-2019-6273

Publication date: 21/03/2019
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-6279

Publication date: 21/03/2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2019-6116

Publication date: 21/03/2019
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2019-5722

Publication date: 21/03/2019
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
Severity CVSS v4.0: Pending analysis
Last modification: 22/03/2019

CVE-2019-5417

Publication date: 21/03/2019
A path traversal vulnerability in serve npm package version 7.0.1 allows attackers to read the content of arbitrary files on the remote server.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2019

CVE-2019-5729

Publication date: 21/03/2019
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2019

CVE-2019-5011

Publication date: 21/03/2019
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
Severity CVSS v4.0: Pending analysis
Last modification: 13/06/2022

CVE-2019-4094

Publication date: 21/03/2019
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privileged user full root access by loading a malicious shared library. IBM X-Force ID: 158014.
Severity CVSS v4.0: Pending analysis
Last modification: 30/01/2023