Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, for users interested in this information. It includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-10303

Publication date: 23/04/2018
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2018

CVE-2017-7893

Publication date: 23/04/2018
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-1106

Publication date: 23/04/2018
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-10302

Publication date: 23/04/2018
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2018

CVE-2016-9594

Publication date: 23/04/2018
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-8781

Publication date: 23/04/2018
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c in the Linux kernel from version 3.4 up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space.
Severity CVSS v4.0: Pending analysis
Last modification: 03/03/2023

CVE-2018-8880

Publication date: 23/04/2018
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2018

CVE-2018-9921

Publication date: 23/04/2018
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2018

CVE-2017-17833

Publication date: 23/04/2018
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 15/05/2020

CVE-2016-9586

Publication date: 23/04/2018
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If any application accepts a format string from the outside without the necessary input filtering, it could allow remote attacks.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-10300

Publication date: 23/04/2018
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-10301

Publication date: 23/04/2018
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023