Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-19522

Publication date:

18/12/2018

DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver&#39;s subroutine will execute a wrmsr instruction with the user&#39;s buffer for partial input.

Severity CVSS v4.0: Pending analysis

Last modification:

20/11/2019

CVE-2018-1833

Publication date:

18/12/2018

IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2018-4015

Publication date:

18/12/2018

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

07/06/2022

CVE-2018-20201

Publication date:

18/12/2018

There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-20196

Publication date:

18/12/2018

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

Severity CVSS v4.0: Pending analysis

Last modification:

22/04/2022

CVE-2018-20199

Publication date:

18/12/2018

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.

Severity CVSS v4.0: Pending analysis

Last modification:

22/04/2022

CVE-2018-20194

Publication date:

18/12/2018

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2018-20195

Publication date:

18/12/2018

A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2018-20197

Publication date:

18/12/2018

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2018-20198

Publication date:

18/12/2018

Severity CVSS v4.0: Pending analysis

Last modification:

15/06/2020

CVE-2018-7797

Publication date:

17/12/2018

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.

Severity CVSS v4.0: Pending analysis

Last modification:

11/02/2019

CVE-2018-7833

Publication date:

17/12/2018

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable

Severity CVSS v4.0: Pending analysis

Last modification:

28/12/2018

Subscribe to Vulnerabilities