Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-2743

Publication date:

23/01/2018

HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Severity CVSS v4.0: Pending analysis

Last modification:

13/02/2018

CVE-2017-2744

Publication date:

23/01/2018

The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1.

Severity CVSS v4.0: Pending analysis

Last modification:

09/02/2018

CVE-2017-2746

Publication date:

23/01/2018

Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

08/02/2018

CVE-2018-5950

Publication date:

23/01/2018

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2017-2740

Publication date:

23/01/2018

A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2017-2741

Publication date:

23/01/2018

A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2017-2742

Publication date:

23/01/2018

A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2017-15105

Publication date:

23/01/2018

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-15107

Publication date:

23/01/2018

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-15090

Publication date:

23/01/2018

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-15091

Publication date:

23/01/2018

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

CVE-2017-15092

Publication date:

23/01/2018

A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.

Severity CVSS v4.0: Pending analysis

Last modification:

09/10/2019

Subscribe to Vulnerabilities