Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-16737

Publication date:
10/10/2018
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-16738

Publication date:
10/10/2018
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12544

Publication date:
10/10/2018
In versions from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This applies only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12541

Publication date:
10/10/2018
In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12542

Publication date:
10/10/2018
In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (backslash) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-12410

Publication date:
10/10/2018
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-12161

Publication date:
10/10/2018
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2019

CVE-2018-12158

Publication date:
10/10/2018
Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12172

Publication date:
10/10/2018
Improper password hashing in firmware in Intel Server Board (S7200AP, S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12173

Publication date:
10/10/2018
Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12193

Publication date:
10/10/2018
Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2021

CVE-2018-12152

Publication date:
10/10/2018
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2019