Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we maintain a database, in Spanish, of all the latest documented and recognised vulnerabilities, available to users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-14906

Publication date: 03/08/2018
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
Severity CVSS v4.0: Pending analysis
Last modification: 26/09/2018

CVE-2018-14905

Publication date: 03/08/2018
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 26/09/2018

CVE-2018-14904

Publication date: 03/08/2018
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
Severity CVSS v4.0: Pending analysis
Last modification: 27/09/2018

CVE-2018-14908

Publication date: 03/08/2018
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
Severity CVSS v4.0: Pending analysis
Last modification: 27/09/2018

CVE-2018-14715

Publication date: 03/08/2018
The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-14504

Publication date: 03/08/2018
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').
Severity CVSS v4.0: Pending analysis
Last modification: 02/10/2018

CVE-2017-15358

Publication date: 03/08/2018
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
Severity CVSS v4.0: Pending analysis
Last modification: 02/10/2018

CVE-2018-12605

Publication date: 03/08/2018
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained an XSS issue due to it allowing arbitrary protocols as a parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2018

CVE-2018-12606

Publication date: 03/08/2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2018

CVE-2018-12607

Publication date: 03/08/2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2018

CVE-2018-13055

Publication date: 03/08/2018
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Severity CVSS v4.0: Pending analysis
Last modification: 04/10/2018

CVE-2018-7748

Publication date: 03/08/2018
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2018