Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-6284
Publication date:
06/03/2018
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2019

CVE-2018-7307
Publication date:
06/03/2018
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2018

CVE-2018-7650
Publication date:
06/03/2018
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2018

CVE-2018-1062
Publication date:
06/03/2018
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2018-7717
Publication date:
05/03/2018
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2018

CVE-2018-7712
Publication date:
05/03/2018
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-7713
Publication date:
05/03/2018
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-7714
Publication date:
05/03/2018
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-7715
Publication date:
05/03/2018
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2018-7716
Publication date:
05/03/2018
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2020

CVE-2018-7711
Publication date:
05/03/2018
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2018

CVE-2017-18220
Publication date:
05/03/2018
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities