Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. The database is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-1000501

Publication date: 03/01/2018
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 27/07/2020

CVE-2017-1000495

Publication date: 03/01/2018
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account.
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2018

CVE-2017-1000496

Publication date: 03/01/2018
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2018

CVE-2017-1000498

Publication date: 03/01/2018
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 30/01/2020

CVE-2017-1000497

Publication date: 03/01/2018
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 19/10/2020

CVE-2017-1000494

Publication date: 03/01/2018
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd
Severity CVSS v4.0: Pending analysis
Last modification: 30/05/2019

CVE-2017-1000499

Publication date: 03/01/2018
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Severity CVSS v4.0: Pending analysis
Last modification: 30/04/2019

CVE-2018-4868

Publication date: 03/01/2018
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-4862

Publication date: 03/01/2018
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2017-18017

Publication date: 03/01/2018
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Severity CVSS v4.0: Pending analysis
Last modification: 03/01/2025

CVE-2017-1000491

Publication date: 03/01/2018
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Severity CVSS v4.0: Pending analysis
Last modification: 16/01/2018

CVE-2017-1000466

Publication date: 03/01/2018
Invoice Ninja version 3.8.1 is vulnerable to a stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of JavaScript code.
Severity CVSS v4.0: Pending analysis
Last modification: 16/01/2018