Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-8847

Publication date:
13/07/2018
Eaton 9000X DriveA versions 2.0.29 and prior have a stack-based buffer overflow vulnerability, which may allow remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2020

CVE-2018-1000208

Publication date:
13/07/2018
MODX Revolution version
Severity CVSS v4.0: Pending analysis
Last modification:
07/09/2018

CVE-2018-1000206

Publication date:
13/07/2018
JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable when the victim runs a maliciously crafted Flash component. This vulnerability appears to have been fixed in 6.1.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2019

CVE-2018-1000207

Publication date:
13/07/2018
MODX Revolution version
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1000209

Publication date:
13/07/2018
Sensu, Inc. Sensu Core before version 1.4.2-3 contains an Insecure Permissions vulnerability on Windows platforms that can result in unprivileged users executing code in the context of the Sensu service account. This attack appears to be exploitable because an unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1000211

Publication date:
13/07/2018
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1000210

Publication date:
13/07/2018
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() deserializes user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them, which can result in code execution in the context of the running process. This attack appears to be exploitable when the victim parses a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-10098

Publication date:
13/07/2018
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2018

CVE-2018-10018

Publication date:
13/07/2018
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2018

CVE-2018-7535

Publication date:
13/07/2018
An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1255

Publication date:
13/07/2018
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1245

Publication date:
13/07/2018
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019