Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-11475
Publication date:
25/05/2018
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018

CVE-2018-11474
Publication date:
25/05/2018
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018

CVE-2018-11471
Publication date:
25/05/2018
Cockpit 0.5.5 has XSS via a collection, form, or region.
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2018

CVE-2018-9091
Publication date:
25/05/2018
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-11479
Publication date:
25/05/2018
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2020

CVE-2017-14185
Publication date:
25/05/2018
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2018

CVE-2018-8862
Publication date:
25/05/2018
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-8864
Publication date:
25/05/2018
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-8871
Publication date:
25/05/2018
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2020

CVE-2018-6237
Publication date:
25/05/2018
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2018

CVE-2018-10350
Publication date:
25/05/2018
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2018

CVE-2018-6236
Publication date:
25/05/2018
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018
Subscribe to Vulnerabilities