Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-19980

Publication date:

08/12/2018

Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.

Severity CVSS v4.0: Pending analysis

Last modification:

03/01/2019

CVE-2018-19967

Publication date:

08/12/2018

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel&#39;s mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.

Severity CVSS v4.0: Pending analysis

Last modification:

17/04/2019

CVE-2018-19961

Publication date:

08/12/2018

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-19962

Publication date:

08/12/2018

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-19963

Publication date:

08/12/2018

An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.

Severity CVSS v4.0: Pending analysis

Last modification:

03/10/2019

CVE-2018-19965

Publication date:

08/12/2018

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-19966

Publication date:

08/12/2018

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2018-19964

Publication date:

08/12/2018

An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2018-9517

Publication date:

07/12/2018

In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2019

CVE-2018-9518

Publication date:

07/12/2018

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.

Severity CVSS v4.0: Pending analysis

Last modification:

02/01/2019

CVE-2018-9519

Publication date:

07/12/2018

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833.

Severity CVSS v4.0: Pending analysis

Last modification:

08/01/2019

CVE-2018-9578

Publication date:

07/12/2018

In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928.

Severity CVSS v4.0: Pending analysis

Last modification:

13/11/2019

Subscribe to Vulnerabilities