Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-12648
Publication date:
22/06/2018
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2019

CVE-2018-12430
Publication date:
22/06/2018
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12429. Reason: This candidate is a reservation duplicate of CVE-2018-12429. Notes: All CVE users should reference CVE-2018-12429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-2668
Publication date:
22/06/2018
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2017-7466
Publication date:
22/06/2018
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2021

CVE-2018-12641
Publication date:
22/06/2018
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12642
Publication date:
22/06/2018
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12633
Publication date:
22/06/2018
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2018

CVE-2018-12635
Publication date:
22/06/2018
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
Severity CVSS v4.0: Pending analysis
Last modification:
10/08/2018

CVE-2018-12634
Publication date:
22/06/2018
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2021

CVE-2018-12630
Publication date:
21/06/2018
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
Severity CVSS v4.0: Pending analysis
Last modification:
10/08/2018

CVE-2018-12631
Publication date:
21/06/2018
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
10/08/2018

CVE-2018-12632
Publication date:
21/06/2018
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.
Severity CVSS v4.0: Pending analysis
Last modification:
10/08/2018
Subscribe to Vulnerabilities