Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-12149
Publication date:
12/09/2018
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-12148
Publication date:
12/09/2018
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-7572
Publication date:
12/09/2018
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2018

CVE-2018-16729
Publication date:
12/09/2018
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-16727
Publication date:
12/09/2018
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-16728
Publication date:
12/09/2018
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-16726
Publication date:
12/09/2018
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-16389
Publication date:
12/09/2018
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-16388
Publication date:
12/09/2018
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-15834
Publication date:
12/09/2018
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-16605
Publication date:
12/09/2018
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2021

CVE-2018-13411
Publication date:
12/09/2018
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2021
Subscribe to Vulnerabilities