Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-17484

Publication date: 21/03/2019
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-17485

Publication date: 21/03/2019
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2018-17486

Publication date: 21/03/2019
Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2018-17167

Publication date: 21/03/2019
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
Severity CVSS v4.0: Pending analysis
Last modification: 26/03/2019

CVE-2018-16519

Publication date: 21/03/2019
COYO 9.0.8, 10.0.11 and 12.0.4 have cross-site scripting (XSS) via URLs used by "iFrame" widgets.
Severity CVSS v4.0: Pending analysis
Last modification: 21/03/2019

CVE-2018-16563

Publication date: 21/03/2019
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-16789

Publication date: 21/03/2019
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
Severity CVSS v4.0: Pending analysis
Last modification: 24/08/2020

CVE-2018-15818

Publication date: 21/03/2019
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
Severity CVSS v4.0: Pending analysis
Last modification: 22/03/2019

CVE-2018-15532

Publication date: 21/03/2019
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2019

CVE-2018-15498

Publication date: 21/03/2019
YSoft SafeQ Server 6 allows a replay attack.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-15508

Publication date: 21/03/2019
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone (issue 1 of 2).
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-15906

Publication date: 21/03/2019
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019