Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-9282
Publication date:
21/09/2018
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-16597
Publication date:
21/09/2018
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-16793
Publication date:
21/09/2018
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2018

CVE-2018-16281
Publication date:
21/09/2018
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-14689
Publication date:
21/09/2018
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-14688
Publication date:
21/09/2018
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11352
Publication date:
21/09/2018
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-3914
Publication date:
21/09/2018
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2023

CVE-2018-3915
Publication date:
21/09/2018
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2023

CVE-2018-16784
Publication date:
21/09/2018
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "
Severity CVSS v4.0: Pending analysis
Last modification:
08/11/2018

CVE-2018-16786
Publication date:
21/09/2018
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
Severity CVSS v4.0: Pending analysis
Last modification:
08/11/2018

CVE-2018-11241
Publication date:
21/09/2018
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019
Subscribe to Vulnerabilities