Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-7753

Publication date: 07/03/2018
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
Severity CVSS v4.0: Pending analysis
Last modification: 29/03/2018

CVE-2018-7752

Publication date: 07/03/2018
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2019

CVE-2017-12174

Publication date: 07/03/2018
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery, a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2023

CVE-2018-7675

Publication date: 07/03/2018
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel, the user does not log out but does go idle for a period of time. This in turn causes the interface to time out so that it requires the user to re-authenticate. If another user is passing by and decides to log in, their credentials are accepted. While the user does not inherit any of the other user's privileges, they are able to view the previous screen. In this case it is possible that the user can see another user's events or configuration information for whatever view is currently showing.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-7564

Publication date: 07/03/2018
Stored XSS exists on Polycom QDX 6000 devices.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2018

CVE-2018-7565

Publication date: 07/03/2018
CSRF exists on Polycom QDX 6000 devices.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2018

CVE-2017-15367

Publication date: 07/03/2018
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2018

CVE-2018-7204

Publication date: 07/03/2018
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-5452

Publication date: 07/03/2018
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.
Severity CVSS v4.0: Pending analysis
Last modification: 18/09/2020

CVE-2018-7745

Publication date: 07/03/2018
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation.
Severity CVSS v4.0: Pending analysis
Last modification: 09/09/2021

CVE-2018-7746

Publication date: 07/03/2018
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
Severity CVSS v4.0: Pending analysis
Last modification: 09/09/2021

CVE-2014-5044

Publication date: 07/03/2018
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2018