Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-7426

Publication date: 01/03/2018
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2017-7435

Publication date: 01/03/2018
In libzypp before 20170803 it was possible to add unsigned YUM repositories without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2017-7436

Publication date: 01/03/2018
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2017-14798

Publication date: 01/03/2018
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-7579

Publication date: 01/03/2018
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
Severity CVSS v4.0: Pending analysis
Last modification: 22/03/2018

CVE-2018-7584

Publication date: 01/03/2018
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
Severity CVSS v4.0: Pending analysis
Last modification: 19/08/2019

CVE-2018-2380

Publication date: 01/03/2018
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Severity CVSS v4.0: Pending analysis
Last modification: 31/10/2025

CVE-2018-2368

Publication date: 01/03/2018
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
Severity CVSS v4.0: Pending analysis
Last modification: 23/03/2018

CVE-2018-2367

Publication date: 01/03/2018
ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Severity CVSS v4.0: Pending analysis
Last modification: 23/03/2018

CVE-2018-2365

Publication date: 01/03/2018
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 23/03/2018

CVE-2018-7550

Publication date: 01/03/2018
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
Severity CVSS v4.0: Pending analysis
Last modification: 30/01/2024

CVE-2018-7573

Publication date: 01/03/2018
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
Severity CVSS v4.0: Pending analysis
Last modification: 01/03/2019