Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-19150
Publication date:
10/11/2018
Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2019

CVE-2018-19148
Publication date:
10/11/2018
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2019

CVE-2018-19149
Publication date:
10/11/2018
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2019

CVE-2018-19084
Publication date:
10/11/2018
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-19085
Publication date:
10/11/2018
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-19086
Publication date:
10/11/2018
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-19087
Publication date:
10/11/2018
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-19145
Publication date:
09/11/2018
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2018

CVE-2018-15796
Publication date:
09/11/2018
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-19138
Publication date:
09/11/2018
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2019

CVE-2018-17612
Publication date:
09/11/2018
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2019

CVE-2018-19139
Publication date:
09/11/2018
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2020
Subscribe to Vulnerabilities