Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-0715

Publication date:
27/08/2018
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2018

CVE-2018-10938

Publication date:
27/08/2018
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-15895

Publication date:
27/08/2018
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2014-10074

Publication date:
27/08/2018
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2018

CVE-2015-9264

Publication date:
27/08/2018
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2015-9263

Publication date:
27/08/2018
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2018

CVE-2018-15899

Publication date:
27/08/2018
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2018

CVE-2018-15893

Publication date:
27/08/2018
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2018

CVE-2018-15894

Publication date:
27/08/2018
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2018

CVE-2018-15602

Publication date:
26/08/2018
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2018

CVE-2018-15885

Publication date:
26/08/2018
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2018

CVE-2018-15888

Publication date:
26/08/2018
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2018