Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we maintain a database, in Spanish, of all the latest documented and recognised vulnerabilities, available to any user interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-1000463

Publication date:
03/01/2018
Leafpub version 1.2.0-beta6 is vulnerable to a stored cross-site scripting vulnerability within the edit blog post page, which can result in disruption of service and execution of JavaScript code.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000437

Publication date:
02/01/2018
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2018

CVE-2017-1000432

Publication date:
02/01/2018
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000434

Publication date:
02/01/2018
WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect. The furikake-redirect parameter on a page allows for a redirect to an attacker-controlled page. classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000425

Publication date:
02/01/2018
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2018

CVE-2017-1000438

Publication date:
02/01/2018
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2017-1000427

Publication date:
02/01/2018
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-1000433

Publication date:
02/01/2018
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2021

CVE-2017-1000426

Publication date:
02/01/2018
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2019

CVE-2017-1000430

Publication date:
02/01/2018
rust-base64 version
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000423

Publication date:
02/01/2018
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000431

Publication date:
02/01/2018
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018