Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available, for users interested in this information, a database in Spanish that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-19490

Publication date: 23/11/2018
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
Severity CVSS v4.0: Pending analysis
Last modification: 28/09/2020

CVE-2018-19491

Publication date: 23/11/2018
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
Severity CVSS v4.0: Pending analysis
Last modification: 28/09/2020

CVE-2018-19486

Publication date: 23/11/2018
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Severity CVSS v4.0: Pending analysis
Last modification: 11/04/2019

CVE-2018-19476

Publication date: 23/11/2018
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-19477

Publication date: 23/11/2018
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-19475

Publication date: 23/11/2018
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-19469

Publication date: 23/11/2018
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 19/12/2018

CVE-2018-19468

Publication date: 23/11/2018
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
Severity CVSS v4.0: Pending analysis
Last modification: 19/12/2018

CVE-2018-19464

Publication date: 22/11/2018
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code.
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2020

CVE-2018-19463

Publication date: 22/11/2018
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication.
Severity CVSS v4.0: Pending analysis
Last modification: 05/08/2024

CVE-2018-19459

Publication date: 22/11/2018
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
Severity CVSS v4.0: Pending analysis
Last modification: 18/12/2018

CVE-2018-19457

Publication date: 22/11/2018
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
Severity CVSS v4.0: Pending analysis
Last modification: 18/12/2018