Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-5779

Publication date:
14/03/2018
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
07/09/2018

CVE-2018-5782

Publication date:
14/03/2018
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2019

CVE-2018-7677

Publication date:
14/03/2018
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-7678

Publication date:
14/03/2018
A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-7474

Publication date:
14/03/2018
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2018

CVE-2018-1000131

Publication date:
14/03/2018
Pradeep Makone WordPress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appears to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2018

CVE-2018-7279

Publication date:
14/03/2018
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2018

CVE-2018-1000129

Publication date:
14/03/2018
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2018-1000130

Publication date:
14/03/2018
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2019

CVE-2018-6875

Publication date:
14/03/2018
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2020

CVE-2018-1000132

Publication date:
14/03/2018
Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2020

CVE-2018-8108

Publication date:
14/03/2018
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2018