Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-1663
Publication date:
07/12/2018
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1424
Publication date:
07/12/2018
IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1920
Publication date:
07/12/2018
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1883
Publication date:
07/12/2018
A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1896
Publication date:
07/12/2018
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-15362
Publication date:
07/12/2018
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2019

CVE-2018-11905
Publication date:
07/12/2018
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2019

CVE-2017-14888
Publication date:
07/12/2018
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2019

CVE-2017-15835
Publication date:
07/12/2018
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-17924
Publication date:
07/12/2018
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2022

CVE-2018-19001
Publication date:
07/12/2018
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-7364
Publication date:
07/12/2018
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2023
Subscribe to Vulnerabilities