Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-10777
Publication date:
06/08/2019
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2019

CVE-2016-10776
Publication date:
06/08/2019
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2019

CVE-2016-10785
Publication date:
06/08/2019
cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2019

CVE-2016-10779
Publication date:
06/08/2019
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2019

CVE-2016-10787
Publication date:
06/08/2019
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2019

CVE-2016-10786
Publication date:
06/08/2019
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2019

CVE-2019-14669
Publication date:
05/08/2019
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020

CVE-2019-14670
Publication date:
05/08/2019
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020

CVE-2019-14672
Publication date:
05/08/2019
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020

CVE-2019-14671
Publication date:
05/08/2019
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-14668
Publication date:
05/08/2019
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020

CVE-2019-14667
Publication date:
05/08/2019
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2020
Subscribe to Vulnerabilities