Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion, this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-17500

Publication date:
21/03/2019
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-17487

Publication date:
21/03/2019
Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17488

Publication date:
21/03/2019
Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17489

Publication date:
21/03/2019
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17492

Publication date:
21/03/2019
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17493

Publication date:
21/03/2019
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17494

Publication date:
21/03/2019
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing the Windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17495

Publication date:
21/03/2019
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17496

Publication date:
21/03/2019
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-17490

Publication date:
21/03/2019
EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-17491

Publication date:
21/03/2019
EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-17497

Publication date:
21/03/2019
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020