Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-8450

Publication date: 11/09/2019
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2022

CVE-2019-8451

Publication date: 11/09/2019
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Severity CVSS v4.0: Pending analysis
Last modification: 28/03/2022

CVE-2019-14995

Publication date: 11/09/2019
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
Severity CVSS v4.0: Pending analysis
Last modification: 22/04/2022

CVE-2019-14996

Publication date: 11/09/2019
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2022

CVE-2019-14997

Publication date: 11/09/2019
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2022

CVE-2019-14998

Publication date: 11/09/2019
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Severity CVSS v4.0: Pending analysis
Last modification: 22/04/2022

CVE-2019-16217

Publication date: 11/09/2019
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-16218

Publication date: 11/09/2019
WordPress before 5.2.3 allows XSS in stored comments.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-16219

Publication date: 11/09/2019
WordPress before 5.2.3 allows XSS in shortcode previews.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2023

CVE-2019-16220

Publication date: 11/09/2019
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
Severity CVSS v4.0: Pending analysis
Last modification: 21/08/2024

CVE-2019-16193

Publication date: 11/09/2019
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
Severity CVSS v4.0: Pending analysis
Last modification: 12/09/2019

CVE-2019-14724

Publication date: 11/09/2019
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
Severity CVSS v4.0: Pending analysis
Last modification: 24/01/2023