Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-7635
Publication date:
05/06/2018
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2018

CVE-2017-7636
Publication date:
05/06/2018
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2018

CVE-2017-7637
Publication date:
05/06/2018
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2018

CVE-2017-7639
Publication date:
05/06/2018
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2018

CVE-2018-1000196
Publication date:
05/06/2018
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.
Severity CVSS v4.0: Pending analysis
Last modification:
18/07/2018

CVE-2018-1000198
Publication date:
05/06/2018
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.
Severity CVSS v4.0: Pending analysis
Last modification:
18/07/2018

CVE-2018-1000202
Publication date:
05/06/2018
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
Severity CVSS v4.0: Pending analysis
Last modification:
18/07/2018

CVE-2018-10057
Publication date:
05/06/2018
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2018

CVE-2018-11586
Publication date:
05/06/2018
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2018

CVE-2018-1000197
Publication date:
05/06/2018
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3691
Publication date:
05/06/2018
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1000192
Publication date:
05/06/2018
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
Severity CVSS v4.0: Pending analysis
Last modification:
13/06/2022
Subscribe to Vulnerabilities