Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-16519

Publication date:
21/03/2019
COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2019

CVE-2018-16563

Publication date:
21/03/2019
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-16789

Publication date:
21/03/2019
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-15532

Publication date:
21/03/2019
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2019

CVE-2018-15818

Publication date:
21/03/2019
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2019

CVE-2018-15498

Publication date:
21/03/2019
YSoft SafeQ Server 6 allows a replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-15508

Publication date:
21/03/2019
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone (issue 1 of 2).
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-15906

Publication date:
21/03/2019
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-14745

Publication date:
21/03/2019
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2019

CVE-2018-14724

Publication date:
21/03/2019
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2019

CVE-2018-14486

Publication date:
21/03/2019
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2019

CVE-2018-14575

Publication date:
21/03/2019
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2019