Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-5530
Publication date:
25/07/2018
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2018

CVE-2018-5537
Publication date:
25/07/2018
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2018

CVE-2018-5536
Publication date:
25/07/2018
A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-5538
Publication date:
25/07/2018
On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-5539
Publication date:
25/07/2018
Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-11491
Publication date:
25/07/2018
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2018

CVE-2018-6971
Publication date:
25/07/2018
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-6972
Publication date:
25/07/2018
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2022

CVE-2018-10880
Publication date:
25/07/2018
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2023

CVE-2018-14596
Publication date:
25/07/2018
wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-10906
Publication date:
24/07/2018
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-11044
Publication date:
24/07/2018
Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2018
Subscribe to Vulnerabilities