Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-12434

Publication date:
15/06/2018
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018

CVE-2018-12436

Publication date:
15/06/2018
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018

CVE-2018-12439

Publication date:
15/06/2018
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018

CVE-2018-12440

Publication date:
15/06/2018
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2018

CVE-2018-12356

Publication date:
15/06/2018
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2019

CVE-2018-12437

Publication date:
15/06/2018
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2021

CVE-2018-12438

Publication date:
15/06/2018
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2021

CVE-2018-12433

Publication date:
15/06/2018
cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-12431

Publication date:
14/06/2018
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2018

CVE-2018-12432

Publication date:
14/06/2018
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2018

CVE-2018-12420

Publication date:
14/06/2018
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2018

CVE-2018-12423

Publication date:
14/06/2018
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019