Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-1000831
Publication date:
20/12/2018
K9Mail version
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2019

CVE-2018-1000830
Publication date:
20/12/2018
XR3Player version
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2019

CVE-2018-1000825
Publication date:
20/12/2018
FreeCol version
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2019

CVE-2018-1000832
Publication date:
20/12/2018
ZoneMinder version
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-1000837
Publication date:
20/12/2018
UML Designer version
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2019

CVE-2018-1000835
Publication date:
20/12/2018
KeePassDX version
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2019

CVE-2018-1000828
Publication date:
20/12/2018
FrostWire version
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2019

CVE-2018-1000842
Publication date:
20/12/2018
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1000813
Publication date:
20/12/2018
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an affected page while logged in.. This vulnerability appears to have been fixed in 1.11.1 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2019

CVE-2018-1000811
Publication date:
20/12/2018
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2019

CVE-2018-1000816
Publication date:
20/12/2018
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2019

CVE-2017-9704
Publication date:
20/12/2018
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2019
Subscribe to Vulnerabilities