Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-5397
Publication date:
12/02/2018
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-6893
Publication date:
12/02/2018
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2018

CVE-2017-18176
Publication date:
12/02/2018
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2018

CVE-2017-18177
Publication date:
12/02/2018
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2018

CVE-2017-18178
Publication date:
12/02/2018
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2018

CVE-2017-18175
Publication date:
12/02/2018
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2018

CVE-2017-18179
Publication date:
12/02/2018
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2018

CVE-2018-6506
Publication date:
12/02/2018
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2018

CVE-2018-6863
Publication date:
12/02/2018
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2018

CVE-2018-6862
Publication date:
12/02/2018
Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2018

CVE-2018-6864
Publication date:
12/02/2018
Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2018

CVE-2018-6889
Publication date:
12/02/2018
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2018
Subscribe to Vulnerabilities