Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-15856

Publication date:

06/07/2018

Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Severity CVSS v4.0: Pending analysis

Last modification:

27/08/2018

CVE-2017-18158

Publication date:

06/07/2018

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.

Severity CVSS v4.0: Pending analysis

Last modification:

27/08/2018

CVE-2017-18159

Publication date:

06/07/2018

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur.

Severity CVSS v4.0: Pending analysis

Last modification:

28/08/2018

CVE-2018-3564

Publication date:

06/07/2018

In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails.

Severity CVSS v4.0: Pending analysis

Last modification:

28/08/2018

CVE-2018-11258

Publication date:

06/07/2018

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.

Severity CVSS v4.0: Pending analysis

Last modification:

06/09/2018

CVE-2017-11088

Publication date:

06/07/2018

Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.

Severity CVSS v4.0: Pending analysis

Last modification:

04/09/2018

CVE-2018-11259

Publication date:

06/07/2018

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-3569

Publication date:

06/07/2018

A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2017-15824

Publication date:

06/07/2018

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-11257

Publication date:

06/07/2018

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-10892

Publication date:

06/07/2018

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host&#39;s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2023

CVE-2018-13108

Publication date:

06/07/2018

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

Subscribe to Vulnerabilities