Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-11777
Publication date:
08/11/2018
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1314
Publication date:
08/11/2018
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-6433
Publication date:
08/11/2018
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2018-6434
Publication date:
08/11/2018
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2018-6435
Publication date:
08/11/2018
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2018-6441
Publication date:
08/11/2018
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2018-6442
Publication date:
08/11/2018
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2018-19105
Publication date:
08/11/2018
LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2019

CVE-2018-19104
Publication date:
08/11/2018
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2018

CVE-2018-19109
Publication date:
08/11/2018
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-19111
Publication date:
08/11/2018
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-19107
Publication date:
08/11/2018
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
Severity CVSS v4.0: Pending analysis
Last modification:
01/03/2023
Subscribe to Vulnerabilities