Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-10577
Publication date:
02/05/2018
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2018

CVE-2018-10563
Publication date:
02/05/2018
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10564
Publication date:
02/05/2018
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10565
Publication date:
02/05/2018
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10566
Publication date:
02/05/2018
XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10567
Publication date:
02/05/2018
XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10568
Publication date:
02/05/2018
XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10294
Publication date:
02/05/2018
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2018

CVE-2018-10680
Publication date:
02/05/2018
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-8115
Publication date:
02/05/2018
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.
Severity CVSS v4.0: Pending analysis
Last modification:
13/06/2018

CVE-2018-1104
Publication date:
02/05/2018
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-10677
Publication date:
02/05/2018
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities