Vulnerabilities

To inform, warn and help professionals stay on top of the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-19064

Publication date:
07/11/2018
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-19061

Publication date:
07/11/2018
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2018

CVE-2018-19060

Publication date:
07/11/2018
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2019

CVE-2018-19059

Publication date:
07/11/2018
An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2019

CVE-2018-19058

Publication date:
07/11/2018
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2023

CVE-2018-18590

Publication date:
07/11/2018
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-19057

Publication date:
07/11/2018
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2018

CVE-2018-19056

Publication date:
07/11/2018
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2018

CVE-2018-8021

Publication date:
07/11/2018
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data, leading to possible remote code execution. Note that Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2019

CVE-2018-16843

Publication date:
07/11/2018
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2022

CVE-2018-16844

Publication date:
07/11/2018
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2022

CVE-2018-16845

Publication date:
07/11/2018
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2022