Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-1000425

Publication date: 02/01/2018
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2018

CVE-2017-1000427

Publication date: 02/01/2018
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2017-1000433

Publication date: 02/01/2018
pysaml2 version 4.4.0 and older accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Severity CVSS v4.0: Pending analysis
Last modification: 04/03/2021

CVE-2017-1000426

Publication date: 02/01/2018
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification: 10/09/2019

CVE-2017-1000424

Publication date: 02/01/2018
GitHub Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium, resulting in loading arbitrary PDFs that a hacker can control.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2017-1000422

Publication date: 02/01/2018
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 02/05/2019

CVE-2017-1000430

Publication date: 02/01/2018
rust-base64 version
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2018

CVE-2017-1000423

Publication date: 02/01/2018
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in an unauthenticated attacker gaining PHP code execution on the victim's setup.
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2018

CVE-2017-1000431

Publication date: 02/01/2018
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2018

CVE-2017-1000421

Publication date: 02/01/2018
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting in potential code execution.
Severity CVSS v4.0: Pending analysis
Last modification: 24/10/2023

CVE-2017-1000419

Publication date: 02/01/2018
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
Severity CVSS v4.0: Pending analysis
Last modification: 16/01/2018

CVE-2017-1000420

Publication date: 02/01/2018
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite.
Severity CVSS v4.0: Pending analysis
Last modification: 16/01/2018