Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we provide a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-6000

Publication date: 22/01/2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-6003

Publication date: 22/01/2018
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-1000003

Publication date: 22/01/2018
Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
Severity CVSS v4.0: Pending analysis
Last modification: 06/02/2018

CVE-2018-1000002

Publication date: 22/01/2018
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
Severity CVSS v4.0: Pending analysis
Last modification: 06/11/2019

CVE-2018-5761

Publication date: 22/01/2018
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.
Severity CVSS v4.0: Pending analysis
Last modification: 15/02/2018

CVE-2017-17858

Publication date: 22/01/2018
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-1044

Publication date: 22/01/2018
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
Severity CVSS v4.0: Pending analysis
Last modification: 05/02/2018

CVE-2018-1045

Publication date: 22/01/2018
In Moodle 3.x, there is XSS via a calendar event name.
Severity CVSS v4.0: Pending analysis
Last modification: 05/02/2018

CVE-2018-1043

Publication date: 22/01/2018
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-1042

Publication date: 22/01/2018
Moodle 3.x has Server Side Request Forgery in the filepicker.
Severity CVSS v4.0: Pending analysis
Last modification: 27/07/2019

CVE-2016-10709

Publication date: 22/01/2018
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Severity CVSS v4.0: Pending analysis
Last modification: 09/02/2018

CVE-2017-18047

Publication date: 22/01/2018
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
Severity CVSS v4.0: Pending analysis
Last modification: 06/02/2018