Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a Spanish-language database available to interested users; it includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to their information sources, as well as to the available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-10604

Publication date:
24/07/2018
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2020

CVE-2018-14335

Publication date:
24/07/2018
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2024

CVE-2018-13386

Publication date:
24/07/2018
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-14573

Publication date:
23/07/2018
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2018

CVE-2018-8031

Publication date:
23/07/2018
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is set up (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolved in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-10912

Publication date:
23/07/2018
Keycloak before version 4.0.0.final is vulnerable to an infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2021

CVE-2018-11451

Publication date:
23/07/2018
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2019

CVE-2018-11452

Publication date:
23/07/2018
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2019

CVE-2016-10728

Publication date:
23/07/2018
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2018

CVE-2018-14570

Publication date:
23/07/2018
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2018

CVE-2018-14328

Publication date:
23/07/2018
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username, database password, database_name, and IP address fields, related to CVE-2018-12908.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2018

CVE-2018-14568

Publication date:
23/07/2018
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019