Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-7320

Publication date:

18/11/2018

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision

Severity CVSS v4.0: Pending analysis

Last modification:

21/11/2024

CVE-2018-19358

Publication date:

18/11/2018

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user&#39;s session bus socket.

Severity CVSS v4.0: Pending analysis

Last modification:

05/08/2024

CVE-2018-19352

Publication date:

18/11/2018

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

Severity CVSS v4.0: Pending analysis

Last modification:

17/12/2018

CVE-2018-19353

Publication date:

18/11/2018

The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

Severity CVSS v4.0: Pending analysis

Last modification:

17/12/2018

CVE-2018-19351

Publication date:

18/11/2018

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-19349

Publication date:

17/11/2018

In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.

Severity CVSS v4.0: Pending analysis

Last modification:

17/12/2018

CVE-2018-19350

Publication date:

17/11/2018

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

Severity CVSS v4.0: Pending analysis

Last modification:

17/12/2018

CVE-2018-19346

Publication date:

17/11/2018

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea" issue.

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2018

CVE-2018-19348

Publication date:

17/11/2018

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2018

CVE-2018-19341

Publication date:

17/11/2018

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2018

CVE-2018-19342

Publication date:

17/11/2018

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x000000000000347a" issue.

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2018

CVE-2018-19345

Publication date:

17/11/2018

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at U3DBrowser!PlugInMain+0x0000000000053f8b" issue.

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2018

Subscribe to Vulnerabilities