Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-12162
Publication date:
12/09/2018
Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12163
Publication date:
12/09/2018
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12168
Publication date:
12/09/2018
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12171
Publication date:
12/09/2018
Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12160
Publication date:
12/09/2018
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-12149
Publication date:
12/09/2018
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-12148
Publication date:
12/09/2018
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-7572
Publication date:
12/09/2018
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2018

CVE-2018-16729
Publication date:
12/09/2018
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-16727
Publication date:
12/09/2018
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-16728
Publication date:
12/09/2018
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-16726
Publication date:
12/09/2018
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018
Subscribe to Vulnerabilities