Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-18027

Publication date:
12/01/2018
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2017-18028

Publication date:
12/01/2018
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2017-18029

Publication date:
12/01/2018
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2017-16741

Publication date:
12/01/2018
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2018

CVE-2017-14030

Publication date:
12/01/2018
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-16737

Publication date:
12/01/2018
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-16739

Publication date:
12/01/2018
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2016-10705

Publication date:
12/01/2018
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2018

CVE-2016-10706

Publication date:
12/01/2018
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2018

CVE-2017-18014

Publication date:
12/01/2018
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2018

CVE-2017-17970

Publication date:
12/01/2018
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2018

CVE-2018-5315

Publication date:
12/01/2018
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2018