Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-18252

Publication date:
27/03/2018
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2020

CVE-2018-9039

Publication date:
27/03/2018
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-9032

Publication date:
27/03/2018
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2021

CVE-2018-7658

Publication date:
26/03/2018
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2018

CVE-2017-12410

Publication date:
26/03/2018
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2018

CVE-2017-12815

Publication date:
26/03/2018
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using and/or tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2018

CVE-2018-8802

Publication date:
26/03/2018
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2018

CVE-2017-18249

Publication date:
26/03/2018
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2019

CVE-2018-7673

Publication date:
26/03/2018
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1348

Publication date:
26/03/2018
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1349

Publication date:
26/03/2018
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1350

Publication date:
26/03/2018
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023