Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-14031

Publication date: 13/07/2018
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
Severity CVSS v4.0: Pending analysis
Last modification: 11/09/2018

CVE-2018-14033

Publication date: 13/07/2018
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
Severity CVSS v4.0: Pending analysis
Last modification: 11/09/2018

CVE-2018-14029

Publication date: 13/07/2018
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2018

CVE-2018-14032

Publication date: 13/07/2018
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11206. Reason: This candidate is a reservation duplicate of CVE-2018-11206. Notes: All CVE users should reference CVE-2018-11206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-14015

Publication date: 12/07/2018
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
Severity CVSS v4.0: Pending analysis
Last modification: 18/03/2025

CVE-2018-14016

Publication date: 12/07/2018
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.
Severity CVSS v4.0: Pending analysis
Last modification: 15/10/2020

CVE-2018-14017

Publication date: 12/07/2018
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
Severity CVSS v4.0: Pending analysis
Last modification: 15/10/2020

CVE-2018-14012

Publication date: 12/07/2018
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
Severity CVSS v4.0: Pending analysis
Last modification: 05/09/2018

CVE-2018-14014

Publication date: 12/07/2018
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
Severity CVSS v4.0: Pending analysis
Last modification: 06/09/2018

CVE-2018-5529

Publication date: 12/07/2018
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-13441

Publication date: 12/07/2018
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity CVSS v4.0: Pending analysis
Last modification: 11/04/2020

CVE-2018-13457

Publication date: 12/07/2018
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity CVSS v4.0: Pending analysis
Last modification: 11/04/2020