Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-5479

Publication date: 15/01/2018
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
Severity CVSS v4.0: Pending analysis
Last modification: 05/02/2018

CVE-2018-5700

Publication date: 14/01/2018
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.
Severity CVSS v4.0: Pending analysis
Last modification: 05/02/2018

CVE-2018-5688

Publication date: 14/01/2018
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
Severity CVSS v4.0: Pending analysis
Last modification: 05/02/2018

CVE-2017-15128

Publication date: 14/01/2018
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
Severity CVSS v4.0: Pending analysis
Last modification: 15/07/2021

CVE-2017-15126

Publication date: 14/01/2018
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
Severity CVSS v4.0: Pending analysis
Last modification: 05/02/2024

CVE-2017-15127

Publication date: 14/01/2018
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2023

CVE-2018-5691

Publication date: 14/01/2018
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
Severity CVSS v4.0: Pending analysis
Last modification: 04/03/2019

CVE-2018-5693

Publication date: 14/01/2018
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
Severity CVSS v4.0: Pending analysis
Last modification: 06/03/2019

CVE-2018-5694

Publication date: 14/01/2018
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-5698

Publication date: 14/01/2018
libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-5690

Publication date: 14/01/2018
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2018

CVE-2018-5689

Publication date: 14/01/2018
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
Severity CVSS v4.0: Pending analysis
Last modification: 31/01/2018