Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-5198
Publication date:
20/12/2018
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2023

CVE-2018-5199
Publication date:
20/12/2018
In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2018-5200
Publication date:
20/12/2018
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2023

CVE-2018-8653
Publication date:
20/12/2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2025

CVE-2018-6669
Publication date:
20/12/2018
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-20301
Publication date:
20/12/2018
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2019

CVE-2018-20306
Publication date:
20/12/2018
A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2019

CVE-2018-20307
Publication date:
20/12/2018
Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2020

CVE-2018-20302
Publication date:
20/12/2018
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2019

CVE-2018-20304
Publication date:
20/12/2018
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2019

CVE-2018-20303
Publication date:
20/12/2018
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2019

CVE-2018-20300
Publication date:
20/12/2018
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2019
Subscribe to Vulnerabilities