Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. The database is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-6962

Publication date: 22/05/2018
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-3639

Publication date: 22/05/2018
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Severity CVSS v4.0: Pending analysis
Last modification: 13/08/2021

CVE-2018-3640

Publication date: 22/05/2018
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2018-11329

Publication date: 22/05/2018
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.
Severity CVSS v4.0: Pending analysis
Last modification: 17/06/2020

CVE-2018-11363

Publication date: 22/05/2018
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-11364

Publication date: 22/05/2018
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.
Severity CVSS v4.0: Pending analysis
Last modification: 02/12/2019

CVE-2018-11365

Publication date: 22/05/2018
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.
Severity CVSS v4.0: Pending analysis
Last modification: 02/12/2019

CVE-2018-11343

Publication date: 22/05/2018
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 20/03/2019

CVE-2018-11341

Publication date: 22/05/2018
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 20/03/2019

CVE-2018-11340

Publication date: 22/05/2018
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Severity CVSS v4.0: Pending analysis
Last modification: 21/03/2019

CVE-2018-11342

Publication date: 22/05/2018
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2019

CVE-2018-11345

Publication date: 22/05/2018
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2019