Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-11842
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11836
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11827
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2019

CVE-2018-11818
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11302
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11826
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-11832
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-11299
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2019

CVE-2018-11301
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11300
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a "Use after free" scenario.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11298
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018

CVE-2018-11297
Publication date:
18/09/2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2018
Subscribe to Vulnerabilities