Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-8654
Publication date:
01/08/2018
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2016-8651
Publication date:
01/08/2018
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2016-9579
Publication date:
01/08/2018
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2023

CVE-2018-3650
Publication date:
01/08/2018
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2018

CVE-2018-3662
Publication date:
01/08/2018
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3663
Publication date:
01/08/2018
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3666
Publication date:
01/08/2018
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3671
Publication date:
01/08/2018
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3672
Publication date:
01/08/2018
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-3670
Publication date:
01/08/2018
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2018

CVE-2017-5692
Publication date:
01/08/2018
Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2018

CVE-2018-3921
Publication date:
01/08/2018
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2023
Subscribe to Vulnerabilities