Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-14644
Publication date:
09/11/2018
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1872
Publication date:
09/11/2018
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-19127
Publication date:
09/11/2018
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2019

CVE-2018-19133
Publication date:
09/11/2018
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2018

CVE-2018-19131
Publication date:
09/11/2018
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2018

CVE-2018-19129
Publication date:
09/11/2018
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2018

CVE-2018-19126
Publication date:
09/11/2018
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2018

CVE-2018-19121
Publication date:
09/11/2018
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2018

CVE-2018-19122
Publication date:
09/11/2018
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/12/2018

CVE-2018-19125
Publication date:
09/11/2018
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-19132
Publication date:
09/11/2018
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2020

CVE-2018-19124
Publication date:
09/11/2018
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020
Subscribe to Vulnerabilities