Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-5492
Publication date:
04/10/2018
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2018

CVE-2018-11784
Publication date:
04/10/2018
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2023

CVE-2018-17972
Publication date:
03/10/2018
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-17974
Publication date:
03/10/2018
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2022

CVE-2018-6695
Publication date:
03/10/2018
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-5921
Publication date:
03/10/2018
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2018

CVE-2018-17881
Publication date:
03/10/2018
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2023

CVE-2018-17562
Publication date:
03/10/2018
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2018

CVE-2018-17880
Publication date:
03/10/2018
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2023

CVE-2018-17553
Publication date:
03/10/2018
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2018

CVE-2018-17552
Publication date:
03/10/2018
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2018

CVE-2018-17428
Publication date:
03/10/2018
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2018
Subscribe to Vulnerabilities