Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-3616
Publication date:
12/09/2018
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2023

CVE-2018-3657
Publication date:
12/09/2018
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2023

CVE-2018-3658
Publication date:
12/09/2018
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2023

CVE-2018-12150
Publication date:
12/09/2018
Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-12151
Publication date:
12/09/2018
Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2018

CVE-2018-12162
Publication date:
12/09/2018
Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12163
Publication date:
12/09/2018
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12168
Publication date:
12/09/2018
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12171
Publication date:
12/09/2018
Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-12160
Publication date:
12/09/2018
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-12149
Publication date:
12/09/2018
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-12148
Publication date:
12/09/2018
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019
Subscribe to Vulnerabilities