Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-14088

Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders().
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2018

CVE-2018-14089

Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance value' condition.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2018

CVE-2018-14087

Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback function.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-14084

Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-14086

Publication date:
16/07/2018
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-14072

Publication date:
15/07/2018
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14073

Publication date:
15/07/2018
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14068

Publication date:
15/07/2018
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2018

CVE-2018-14069

Publication date:
15/07/2018
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2018

CVE-2018-14066

Publication date:
15/07/2018
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
Severity CVSS v4.0: Pending analysis
Last modification:
21/09/2018

CVE-2018-14063

Publication date:
15/07/2018
The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2018

CVE-2018-14064

Publication date:
15/07/2018
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023