Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-12070
Publication date:
14/06/2018
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2018

CVE-2018-11689
Publication date:
14/06/2018
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2022

CVE-2018-8819
Publication date:
14/06/2018
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2021

CVE-2018-11574
Publication date:
14/06/2018
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2025

CVE-2018-12421
Publication date:
14/06/2018
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.
Severity CVSS v4.0: Pending analysis
Last modification:
10/08/2018

CVE-2018-12114
Publication date:
14/06/2018
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2018

CVE-2018-4833
Publication date:
14/06/2018
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2020

CVE-2018-12418
Publication date:
14/06/2018
Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-10821
Publication date:
14/06/2018
Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2020

CVE-2018-4842
Publication date:
14/06/2018
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2022

CVE-2018-4848
Publication date:
14/06/2018
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2022

CVE-2017-17173
Publication date:
14/06/2018
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
13/08/2018
Subscribe to Vulnerabilities