Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-7296

Publication date: 31/01/2019
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2019-7295

Publication date: 31/01/2019
typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2018-17928

Publication date: 31/01/2019
The product CMS-770 (Software Versions 1.7.1 and prior) is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-5560

Publication date: 31/01/2019
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-6241

Publication date: 31/01/2019
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-12548

Publication date: 31/01/2019
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-19043

Publication date: 31/01/2019
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2018-19042

Publication date: 31/01/2019
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2018-19040

Publication date: 31/01/2019
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2018-18940

Publication date: 31/01/2019
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2018-19041

Publication date: 31/01/2019
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
Severity CVSS v4.0: Pending analysis
Last modification: 01/02/2019

CVE-2018-15516

Publication date: 31/01/2019
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
Severity CVSS v4.0: Pending analysis
Last modification: 26/04/2023