Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we provide a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All the vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-15480

Publication date: 30/08/2018
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-14899

Publication date: 30/08/2018
On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.
Severity CVSS v4.0: Pending analysis
Last modification: 08/11/2018

CVE-2018-14900

Publication date: 30/08/2018
On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.
Severity CVSS v4.0: Pending analysis
Last modification: 08/11/2018

CVE-2018-14902

Publication date: 30/08/2018
The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents.
Severity CVSS v4.0: Pending analysis
Last modification: 08/11/2018

CVE-2018-14901

Publication date: 30/08/2018
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2016-0205

Publication date: 30/08/2018
A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2016-0234

Publication date: 30/08/2018
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2016-0373

Publication date: 30/08/2018
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019

CVE-2018-11720

Publication date: 30/08/2018
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2018

CVE-2018-11718

Publication date: 30/08/2018
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2018

CVE-2018-11719

Publication date: 30/08/2018
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2018

CVE-2018-16159

Publication date: 30/08/2018
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
Severity CVSS v4.0: Pending analysis
Last modification: 19/10/2018