Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-16237

Publication date:

30/08/2018

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via &#39;|&#39; characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

Severity CVSS v4.0: Pending analysis

Last modification:

19/10/2018

CVE-2018-16234

Publication date:

30/08/2018

MorningStar WhatWeb 0.4.9 has XSS via JSON report files.

Severity CVSS v4.0: Pending analysis

Last modification:

23/10/2018

CVE-2018-16236

Publication date:

30/08/2018

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.

Severity CVSS v4.0: Pending analysis

Last modification:

23/10/2018

CVE-2018-16233

Publication date:

30/08/2018

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

30/10/2018

CVE-2018-16239

Publication date:

30/08/2018

An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-16231

Publication date:

30/08/2018

Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2018

CVE-2018-6498

Publication date:

30/08/2018

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-6499

Publication date:

30/08/2018

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-15364

Publication date:

30/08/2018

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

08/11/2018

CVE-2018-10513

Publication date:

30/08/2018

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

26/10/2018

CVE-2018-10514

Publication date:

30/08/2018

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-15363

Publication date:

30/08/2018

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

Subscribe to Vulnerabilities