Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-12458
Publication date:
15/06/2018
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2021

CVE-2018-12457
Publication date:
15/06/2018
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1419
Publication date:
15/06/2018
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-6671
Publication date:
15/06/2018
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-6672
Publication date:
15/06/2018
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1460
Publication date:
15/06/2018
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-12447
Publication date:
15/06/2018
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-1085
Publication date:
15/06/2018
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-12435
Publication date:
15/06/2018
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2018

CVE-2018-12434
Publication date:
15/06/2018
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018

CVE-2018-12436
Publication date:
15/06/2018
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018

CVE-2018-12439
Publication date:
15/06/2018
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018
Subscribe to Vulnerabilities