Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-11557
Publication date:
23/05/2019
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2019

CVE-2017-11560
Publication date:
23/05/2019
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2019

CVE-2017-11559
Publication date:
23/05/2019
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2019

CVE-2017-11365
Publication date:
23/05/2019
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2019

CVE-2016-9969
Publication date:
23/05/2019
In libwebp 0.5.1, there is a double free bug in libwebpmux.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2019

CVE-2016-8901
Publication date:
23/05/2019
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2019

CVE-2017-13667
Publication date:
23/05/2019
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2019

CVE-2019-7112
Publication date:
23/05/2019
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2019

CVE-2019-7098
Publication date:
23/05/2019
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-7099
Publication date:
23/05/2019
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-7100
Publication date:
23/05/2019
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-7101
Publication date:
23/05/2019
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities