Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-13403
Publication date:
13/02/2019
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2022

CVE-2018-13404
Publication date:
13/02/2019
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2022

CVE-2018-20232
Publication date:
13/02/2019
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2022

CVE-2018-20237
Publication date:
13/02/2019
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2022

CVE-2019-5909
Publication date:
13/02/2019
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-3610
Publication date:
13/02/2019
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-8334
Publication date:
13/02/2019
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS].
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2019

CVE-2019-8335
Publication date:
13/02/2019
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS].
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2019

CVE-2018-15781
Publication date:
13/02/2019
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2019-3782
Publication date:
13/02/2019
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2020

CVE-2018-20164
Publication date:
13/02/2019
An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2019

CVE-2019-8312
Publication date:
13/02/2019
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2021
Subscribe to Vulnerabilities