Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-11737

Publication date:
05/06/2018
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/07/2018

CVE-2018-11738

Publication date:
05/06/2018
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
13/07/2018

CVE-2018-11739

Publication date:
05/06/2018
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
13/07/2018

CVE-2018-11740

Publication date:
05/06/2018
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
13/07/2018

CVE-2018-11678

Publication date:
05/06/2018
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2018

CVE-2018-11554

Publication date:
05/06/2018
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2018

CVE-2018-11735

Publication date:
05/06/2018
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/07/2018

CVE-2018-11736

Publication date:
05/06/2018
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
Severity CVSS v4.0: Pending analysis
Last modification:
23/07/2018

CVE-2017-18286

Publication date:
05/06/2018
nZEDb v0.7.3.3 has XSS in the 404 error page.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2018

CVE-2016-1000344

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2016-1000345

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2016-1000346

Publication date:
04/06/2018
In the Bouncy Castle JCE Provider version 1.55 and earlier, the other party's DH public key is not fully validated. This can cause issues, as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025