Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-16641
Publication date:
06/09/2018
ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-16642
Publication date:
06/09/2018
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2018

CVE-2018-5389
Publication date:
06/09/2018
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2018-5391
Publication date:
06/09/2018
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-1000670
Publication date:
06/09/2018
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-1000669
Publication date:
06/09/2018
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-16622
Publication date:
06/09/2018
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2017-14026
Publication date:
06/09/2018
In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-5005
Publication date:
06/09/2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2018

CVE-2017-16714
Publication date:
06/09/2018
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-1000801
Publication date:
06/09/2018
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2019

CVE-2018-1000671
Publication date:
06/09/2018
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2020
Subscribe to Vulnerabilities