Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-19861
Publication date:
03/01/2019
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2019

CVE-2018-19862
Publication date:
03/01/2019
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2019

CVE-2018-14481
Publication date:
03/01/2019
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2019

CVE-2018-19523
Publication date:
03/01/2019
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2019

CVE-2018-19992
Publication date:
03/01/2019
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2022

CVE-2018-17161
Publication date:
03/01/2019
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2019-3701
Publication date:
03/01/2019
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2019

CVE-2018-16882
Publication date:
03/01/2019
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.
Severity CVSS v4.0: Pending analysis
Last modification:
19/01/2023

CVE-2018-16870
Publication date:
03/01/2019
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-16885
Publication date:
03/01/2019
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2017-18329
Publication date:
03/01/2019
Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2019

CVE-2017-18328
Publication date:
03/01/2019
Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2019
Subscribe to Vulnerabilities